“Effectively gone”: Hackers wipe VFEmail servers of “all data in the US” | InfoWatch


Email provider VFEmail revealed this week that it endured a major setback in which an unknown hacker gained access to its US servers and proceeded to wipe years' worth of data and backups within just a few hours, Sputnik International reports.

VFEmail founder Rick Romero confirmed the attack on Tuesday. "Yes VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it," he wrote on Twitter.

The service, which aimed to offer users a better email experience by scanning messages and attachments for malware before they arrived in one's inbox, saw the beginning stages of its downfall on Monday, when Romero first noticed that several data centers were down.

Hours later, everything was gone, including mail hosts, virtual machine hosts and an SQL server cluster.

It's presently unclear why VFEmail was attacked. Romero indicated on Twitter that the hack wasn't part of a ransomware attack. "Just attack and destroy," he wrote.

A final tweet from VFEmail on Monday states that there is a slight possibility of one server being restored, but that the chances are limited.

What's even more concerning about this particular attack, Romero notes, is that every aspect of the VFEmail system had a different password. "That's the scary part," he told his followers.

In an update posted on the company's website, Romero wrote that new email was being delivered, and that efforts to restore any data possible would continue.

"We have suffered catastrophic destruction at the hands of a hacker, last seen as aktv@," the post reads. "This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can."

Speaking with KrebsOnSecurity on Tuesday, Romero revealed that he was able to recover a backup drive that was hosted in The Netherlands. He also noted that the hacker appeared to have committed the act from a Bulgaria-based server.

"I haven't done much digging yet on the actors," Romero told the publication. "It looked like the IP was a Bulgarian hosting company. So I'm assuming it was just a virtual machine they were using to launch the attack from."

"There definitely was something that somebody didn't want found. Or, I really pissed someone off. That's always possible," he added.

This latest attack, however, isn't the first time that the service was shuttered by hackers. In 2015, 2017 and 2018, VFEmail went through major hurdles after being disrupted by a series of denial-of-service attacks, according to KrebsOnSecurity.