Hackers wipe United States servers of email provider VFEmail

Marco Green
February 13, 2019

Email provider VFEmail revealed this week that it endured a major setback in which an unknown hacker gained access to its United States servers and proceeded to wipe years' worth of data and backups within just a few hours. An unknown attacker was later discovered in VFEmail's systems.

Alerts published on VFEmail's website further detail that the USA mail was completely wiped out from all servers, and warn: "If you have your own email client, DO NOT TRY TO MAKE IT WORK".

VFEmail went on to catch the attacker at work "in the middle of formatting the backup server".

Interestingly, as VFEmail noted, there was no indication that the hacker had warned or contacted the site for any sort of ransom or demand before the attack happened, suggesting the point all along was to completely wipe out the service.

"Every VM (virtual machine) is lost. Every file server is lost, every backup server is lost", the company reported on Twitter, later adding, "There was no ransom".

The company's website is now back online, but its secondary domains are still down, such as chewiemail.com, clovermail.net, mail-on.us, manlymail.net, metadatamitigator.com, offensivelytolerant.com, openmail.cc, powdermail.com, and toothandmail.com.

Speaking with KrebsOnSecurity on Tuesday, Romero revealed that he was able to recover a backup drive that was hosted in the Netherlands. "If you reconnect your client to your new mailbox, all your local mail will be lost".

"I don't have very high expectations of getting any USA data back", Romero said in an online chat.

US users accessing their respective VFEmail accounts will be greeted by empty inboxes. "It looked like the IP was a Bulgarian hosting company". Or, I really pissed someone off.

This latest attack, however, isn't the first time that the service was shuttered by hackers.

The company, which provides security-focused free and paid email services, described the attack as "catastrophic" in a statement.

In December 2018, Romero tweeted that service had been disrupted by a DDoS attack that he attributed to "script kiddies", a derisive reference to low-skilled online hooligans.

While this is not the first time e-mail services have been attacked, VFEmail is the first service to have its data obliterated in a hacking attack without receiving a ransom note that would have let it avoid catastrophic data loss.

"After 17 years if I was planning to shut it down, it'd be shut down by me - not script kiddies", Romero wrote on December 8.
