‘Catastrophic’ Email Provider Hack Destroys Nearly Two Decades of Data

Image: Toshiba MK1403MAV hard drive with a broken glass top

Email provider VFEmail said it suffered a catastrophic destruction of all of its servers by an unknown attacker who wiped out nearly two decades of data and backups within hours.

“Yes, @VFEmail is indeed gone,” VFEmail founder Rick Romero wrote on Twitter Tuesday morning, after watching someone methodically reformat the hard drives of the service he launched in 2001. “He probably won’t come back. I never thought that someone would care so much about my labor of love as they would want to destroy it completely and thoroughly.”

The ordeal began on Monday when he noticed that all of the service’s servers were down. Hours later, VFEmail’s Twitter account reported that the attacker “just format everything.” The account then reported that VFEmail “caught the culprit formatting the backup server.”

The damage, Romero reported, extended to the “entire infrastructure” of VFEmail, including mail hosts, virtual machine hosts, and a cluster of SQL servers. The extent of the damage, he suggested, required the hacker to have multiple passwords. “That’s the scary part.”

At the time this article was posted, a status page reported that VFEmail was delivering email again, although it was not clear whether this applied to US-based accounts. The page also indicated that the subfolders and filters users had previously configured were no longer in place. Free account users should not send email yet, and no one should connect with an email client.

The motive for the attack was not immediately clear. Many of the most destructive attacks in recent years have been part of ransomware rackets that threaten victims with catastrophic data loss unless they make large cryptocurrency payments. Sometimes, though, the targets never see a ransom demand. It is also possible that VFEmail was the victim of some sort of personal grudge. Romero did not respond to messages seeking comment for this post.

A cached copy of the VFEmail website shows that the service was founded in 2001 in response to the ILOVEYOU virus, which had infected tens of millions of Windows computers around the world a year earlier. The virus got its name from the subject line “I love you” on the emails that carried it. The service aimed to provide a safer messaging experience by scanning messages for malware on the server.

“We strive to build a cost effective and redundant system, to provide our users with as much uptime as possible,” the VFEmail page said. “As mentioned, VFEmail started with a single machine, but over time we have grown, adding systems for load balancing / failover and segregation of services. More recently, we have used virtual machines to keep hardware acquisitions to a minimum [sic], in cases where this would not impact performance. By separating vital functions, upgrades, updates, and system issues can be quickly and easily isolated from the rest of the system and provide you with uninterrupted accessibility.”

The status page indicated that the destruction was the work of a “hacker, last seen as aktv@”. That IP address, according to whois records, is linked to the hosting providers Daticum and Coolbox, both in Bulgaria.

“This IP address is a VM host,” Romero tweeted. “It’s like a launching pad for me. Reformatting an sql cluster (whaa?) and hitting vms hosted offsite by NL at the same time seems pretty infamous to me.”

He went on to say that the attacker used several means of access to the VFEmail infrastructure and that as a result, it was not clear that two-factor authentication would have stopped the intrusion.

“2FA only works if the access method was through authentication, as opposed to exploitation,” he explained. “At least 3 different methods had to be used to enter everything.”

June J. Lopez
