Hackers have breached the severs of electronic mail supplier VFEmail.internet and wiped the knowledge from all its US servers, destroying all US consumers’ knowledge within the procedure.
The assault came about the previous day, February 11, and used to be detected after the corporate’s website and webmail consumer went down with out realize.
“Right now, the attacker has formatted the entire disks on each and every server,” the corporate stated the previous day. “Each and every VM is misplaced. Each and every record server is misplaced, each and every backup server is misplaced.”
“This used to be greater than a multi-password by the use of SSH exploit, and there used to be no ransom. Simply assault and spoil,” VFEmail stated.
The corporate’s personnel is now running to get well consumer emails, however as issues stand presently, all knowledge for US consumers seems to were deleted for excellent and long past into /dev/null.
The corporate’s site is now again on-line, however its secondary domain names are nonetheless down –such as chewiemail.com, clovermail.internet, mail-on.us, manlymail.internet, metadatamitigator.com, offensivelytolerant.com, openmail.cc, powdermail.com, and toothandmail.com.
US customers having access to their respective VFEmail accounts shall be greeted by way of empty inboxes. Customers who can not get entry to their inboxes are instructed to ship themselves an electronic mail, in step with a proof at the corporate’s website.
There could also be no unsolicited mail filtering in position, however that is in all probability going to be the very last thing at the minds of VFEmail customers, seeing that many have in all probability misplaced delicate data that that they had subsidized up of their inboxes.
A VFEmail spokesperson used to be no longer to be had for remark on the time of e-newsletter.
It’s uncommon that hackers take steps to wipe out a complete corporate’s knowledge. Maximum assaults most often finally end up with hackers the use of compromised servers for different assaults (like operating botnets or website hosting malware), or with hackers inquiring for a ransom cost from hacked sufferers.
The biggest ransom call for ever paid identified up to now is by way of Nayana, a South Korean internet website hosting corporate which dished out $1 million in Bitcoin after hackers breached its community and ran the Linux-based Erebus ransomware that encrypted knowledge on 1000’s of shopper’ servers.
Again in November 2015, VFEmail used to be one of the most many on-line electronic mail suppliers that have been focused by way of Armada Collective, a gaggle of hackers who demanded ransom bills from sufferer firms to prevent ongoing DDoS assaults [1, 2].