In what is being described as catastrophic destruction, a malicious hacker destroyed all data from the servers of Milwaukee-based secure email service provider VFEmail. The attack began on the morning of February 11 and within a matter of hours, all servers had been formatted.
The attack has drawn significant interest from technology experts, particularly cybersecurity and cybercrime specialists. What stunned most was the absence of any surviving off-site backup, with the result that nearly two decades' worth of data has been permanently lost.
Attacks of this kind are rare because the motive is so unclear: there was no ransom demand and no other apparent gain for the hacker, beyond the satisfaction of total destruction and the loss of 18 years' worth of email for every user of the service.
Rick Romero, founder and manager of VFEmail, says he has lost everything. All hard disks on VFEmail’s servers and backup servers were formatted, meaning the data cannot be recovered. With all emails and data gone, his business has been irreversibly destroyed. Romero tweeted that he expects this to be the end of VFEmail.
As of this moment, there has been no headway made on identifying the hacker, though the IP address used has been linked to two Bulgarian hosting services, Daticum and Coolbox. Romero suspects that the IP address found was used as a launch pad for a VM host.
All U.S. servers, the entire SQL cluster and the off-site backup server in the Netherlands were formatted, including hosts running different operating systems with remote authentication and VMs with separate credentials of their own. That reach indicates the attacker held several independent routes of access, and Romero believes that little in the way of security could have prevented so extensive an attack.
Lack of Adequate Backups Blamed
Yet, whatever the sophistication of the attack, users were unpleasantly surprised to learn that no off-site backup retained any data and that no off-line backups had been kept as a precaution.
Many in the U.S. who were highly critical of the European Union's stiff GDPR, which imposes heavy penalties on companies that fail to protect personal data held on their servers, may now appreciate that only measures of that force drive home the lengths to which companies must go to protect their customers.
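The practical lesson of the two paragraphs above is that a backup the production hosts can reach and delete with their own credentials is not a backup. The script below is an added example, not VFEmail's tooling and not from the article: a pull-model snapshot scheme meant to run on an isolated backup host, which copies the production tree, records a SHA-256 manifest, verifies a snapshot against that manifest (a restore test), and prunes old snapshots. The production side holds no credential for the backup host. It assumes GNU coreutils (sha256sum, cp -a, find); the paths and date stamps are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not VFEmail's code): pull-model snapshot backup with
# post-copy verification. Run on the backup host, never on production.
set -eu

# make_snapshot SRC DEST_ROOT [STAMP]
# Copies SRC into DEST_ROOT/STAMP and writes a SHA-256 manifest beside it.
# Prints the snapshot path; returns non-zero if the stamp already exists.
make_snapshot() {
    src=$1
    mkdir -p "$2"
    root=$(cd "$2" && pwd)
    stamp=${3:-$(date -u +%Y%m%dT%H%M%SZ)}
    snap=$root/$stamp
    [ ! -e "$snap" ] || { echo "snapshot $stamp already exists" >&2; return 1; }
    mkdir "$snap"
    # cp -a keeps modes, ownership and timestamps; in practice this would be
    # rsync over ssh with a read-only key presented by the backup host.
    cp -a "$src/." "$snap/"
    # Manifest lives outside the snapshot tree so a tampered snapshot
    # cannot carry a matching manifest with it.
    ( cd "$snap" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) \
        > "$root/$stamp.sha256"
    echo "$snap"
}

# verify_snapshot DEST_ROOT STAMP
# Re-hashes every file in the snapshot against its manifest. Returns 0 only
# if every file is present and unchanged; this is the restore test that
# should run after every copy, not only after an incident.
verify_snapshot() {
    root=$(cd "$1" && pwd)
    stamp=$2
    manifest=$root/$stamp.sha256
    [ -f "$manifest" ] || { echo "no manifest for $stamp" >&2; return 1; }
    ( cd "$root/$stamp" && sha256sum -c --quiet "$manifest" )
}

# prune_snapshots DEST_ROOT KEEP
# Deletes all but the newest KEEP snapshots (stamps sort chronologically).
# Retention is decided here, on the backup host, not by production.
prune_snapshots() {
    root=$(cd "$1" && pwd)
    keep=$2
    total=$(ls "$root" | grep -vc '\.sha256$' || true)
    drop=$((total - keep))
    [ "$drop" -gt 0 ] || return 0
    ls "$root" | grep -v '\.sha256$' | LC_ALL=C sort | head -n "$drop" |
    while read -r old; do
        rm -rf "$root/$old" "$root/$old.sha256"
    done
}

# Usage demo against a constructed production tree (illustrative paths):
#   ./backup.sh demo
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d)
    mkdir -p "$work/prod"
    printf 'Subject: hello\n' > "$work/prod/inbox.mbox"
    make_snapshot "$work/prod" "$work/backups"
    verify_snapshot "$work/backups" "$(ls "$work/backups" | grep -v '\.sha256$')" \
        && echo "snapshot verified"
fi
```

The two properties that matter are separation and verification: the backup host pulls from production and nothing on production can authenticate to the backup host, so a full compromise of production cannot reach the snapshots; and every snapshot is re-hashed against a manifest kept outside the snapshot tree, so a backup that silently failed to retain data is noticed at the next run rather than after the servers are gone. Off-line copies (media physically disconnected after the copy) remain the last line of defence against an attacker who reaches the backup host itself.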
The VFEmail case may serve as an example for those in the business, demonstrating how a single hack can wipe an entire system.
Not the First Time VFEmail Targeted
This incident is not the first Romero has faced. In 2015 VFEmail was targeted by the Armada Collective with a ransom demand, which Romero refused to pay; the service consequently suffered a distributed denial-of-service (DDoS) attack. The same group also targeted other secure email service providers, including Protonmail, Runbox and Hushmail.
Subsequent DDoS attacks two years later saw VFEmail forced to find a replacement hosting provider. The most recent attack, attributed by Romero to “script kiddies,” targeted VFEmail at the end of last year with another DDoS.
It remains to be seen whether there is any future for the email service provider or whether any information can be salvaged.