VFEmail email provider suffers "catastrophic hacking" – Krebs on security




Email provider VFEmail has suffered what the company calls "catastrophic destruction" at the hands of an unidentified intruder who destroyed all of the company's primary and backup data in the United States. The company's founder said he now fears that 18 years' worth of customer email will be lost forever.

Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users. The first signs of the attack appeared on the morning of February 11, when the company's Twitter account began relaying reports from users who said they were no longer receiving messages. The VFEmail Twitter account responded that "external systems, with different operating systems and remote authentication, in multiple data centers, are out of order".

Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company's mail servers in the Netherlands.

"Nl101 is in place, but no incoming e-mail", read a tweet shortly thereafter. "I'm afraid all American data will be lost."

"At this point, the attacker has formatted all the disks on every server," VFEmail wrote. "Every VM [virtual machine] is lost. Every file server is lost, every backup server is lost. Strangely, the virtual machines did not all share the same authentication, but they were all destroyed. This was more than just an exploit with several passwords via an ssh exploit, and there was no ransom. Just attack and destroy."

In an update posted on the company's website, VFEmail owner Rick Romero wrote that new email was being delivered and that efforts were under way to recover whatever user data could be retrieved.

"At the moment, I'm not sure about the status of existing mail for US users," Romero wrote. "If you have your own email client, DO NOT TRY TO OPERATE IT. If you reconnect your client to your new mailbox, all your local messages will be lost."

Contacted by KrebsOnSecurity on Tuesday morning, Romero said he had been able to recover a backup disk hosted in the Netherlands, but feared that all mail destined for US users would be irretrievably lost.

"I do not really expect to recover US data," Romero said in an online chat.

John Senchak, a long-time Florida-based VFEmail user who is also a faithful reader of and commenter on this blog, told KrebsOnSecurity that the attack had completely erased his inbox at the company – some 60,000 emails sent and received over more than ten years.

"I have an account on this site, all emails from my account have been deleted," Senchak said.

When asked whether he had any clues about the attackers or how they might have broken in, Romero said the intruder appeared to be doing his dirty work from a server based in Bulgaria (94.155.49[9], username "aktv").

"I have not yet done a lot of research on the actors," he said. "It seemed like the IP was a Bulgarian housing company. So I guess it was just a virtual machine that they used to launch the attack. There was definitely something that someone did not want to be found. Or I really pissed someone off. It's always possible."

This is not the first time criminals have targeted VFEmail. I wrote about the company in 2015 after it suffered a debilitating distributed denial of service (DDoS) attack when Romero refused to pay a ransom demand from an online extortion group. Another series of DDoS attacks in 2017 forced VFEmail to find a new hosting provider.

In December 2018, Romero tweeted that the service had been disrupted by a DDoS attack that he attributed to "script kiddies", a derisive term for low-skilled online hooligans.

"After 17 years, if I planned to close it, it would be done by me – not by the script kiddies," Romero wrote on December 8th.

Attacks that attempt to completely destroy data and servers without warning or an extortion demand are not as common as, say, ransomware infestations, but when they occur they can be devastating (see the 2014 Sony Pictures hack and the still unresolved 2016 attack against US Internet access provider Staminus).

It is unclear whether VFEmail will recover from this latest attack, but such actions are a sobering reminder that while most cybercriminals have some sort of short-term or long-term profit in mind, an intruder with privileged access to a network can just as easily destroy virtually everything within reach as plant malicious programs or extortion threats such as ransomware.



Keywords: John Senchak, Rick Romero, VFEmail

This entry was posted on Tuesday, February 12th, 2019 at 08h33 and is filed under Data breaches.