VFEmail system hacked: all data erased with no possibility of recovery

VFEmail.net cyber attack results in removal of data which was accumulated throughout 20 years

VFEmail system hacked: all data erased with no possibility of recoveryAll data with backups included was gone after a hacking attempt that was made on the VFEmail server

VFEmail, the well-known United States email provider, has experienced a brutal hack – the server was compromised and data, as well as its backups, of almost 20 years was permanently erased with no possibility to recover it. The ordeal, that the company called “catastrophic,” was initiated by unknown hackers. However, the attack was stopped before bad actors managed to infiltrate servers located outside the US.

Sadly, it is not the first time when VFEmail.net becomes the victim of similar attempts. In 2015, the company also faced an attack when they refused to pay a demanded price to the crooks. Criminals who were responsible for this are known as Armada Collective.[1]

While no specific information is known about the perpetrator, there were some details discovered after all. Cybersecurity researchers identified the username “aktv” who used IP address located in Bulgaria, so, experts already know that the cybercriminal's location is the country where the IP is registered in.[2] However, these details are not enough to catch the culprit, so the case might take quite some time longer.

The crook was caught in the middle of forming the backup server

The devastating attack occurred on the 11th of February. At the time, servers were unexpectedly shut down without any actions initiated by the employees. All important data and even their backups were permanently deleted with no chance of restoring. VFEmail.net has commented on this incident also. It claimed that specialists would be searching for ways to recover data, however, there are low chances for this possibility:[3]

This is all I can do at this time. I will need to get into the datacenter to see if the one file server I caught during formatting can be recovered. If it can, we can restore mail, but most of the infrastructure is lost.

Nevertheless, VFEmail.net claimed that all information from disks on every server had also been permanently erased. The data includes the entire infrastructure of the organization, mail hosts, virtual machine hosts, and other valuable content. These disastrous consequences were achieved in a mere few hours of malicious activity by the hacker. Additionally, the company itself caught the crook in the process of formatting the backup server:[4]

Caught the perp in the middle of formatting the backup server: dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559 via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null aktv@ -R -N

Moreover, the attack was created just to destroy targeted information, and no ransom was demanded. This surprised the company the most. Another surprising discovery was that all VMs were permanently damaged even though they did not have the same authentication. However, data backups that were located in the Netherlands remained untouched which let the company recover their service at least.[5]

No security measure would have helped to avoid such invasion

According to Romero, the director of VFEmail.net, the cybercriminal(s) used a virtual machine and other objects in order to launch this devastating attack, and the organization claims that no security technique would have helped to avoid this hack, even 2-factor authentication would have been useless against the activity.

Even though the company has restored its official website, there are very weak chances that lost data will be recovered. So, if you are one of those who use this email provider, there is a very high chance that you will find the inbox section of your email empty and that all important and stored information will be gone – unfortunately, permanently.

About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

Linas Kiguolis is one of News Editors and also the Social Media Manager of 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.

Contact Linas Kiguolis
About the company Esolutions