US-based email provider VFEmail.net has been the victim of a catastrophic cyber attack, as unknown hackers destroyed its entire infrastructure for no apparent reason.
In chilling messages posted to VFEmail’s Twitter account last night, the provider warned that all of its external-facing systems across multiple data centres had gone offline.
Two hours later, VFEmail revealed that the attacker had been caught formatting the company’s backup server, lamenting “I fear all US based data may be lost”.
Shortly afterwards, the account confirmed via Twitter that “all the disks on every server” had been erased, virtually wiping out the company’s entire infrastructure overnight. In an alert status posted during the attack, the company warned it had “suffered catastrophic destruction”.
The motivation behind the attack is currently unclear. There was no ransom demand, and the perpetrator did not appear to be interested in stealing any data; the company confirmed to one concerned customer that although the data was encrypted, “it doesn’t matter. They just formatted everything”.
The company also noted in a tweet that all its VMs were destroyed even though they used different authentication, suggesting that the perpetrator may have been operating with inside information.
The individual behind the company’s Twitter account mooted the possibility of recovering the single file server that they caught the hacker formatting, but warned that “most of the infrastructure is lost”.
Ian Thornton-Trump, IT Pro panellist and EMEA head of cyber security for AmTrust International, compared the incident to the 2014 attack on code-hosting service Code Spaces.
“They got nuked so bad they went out of business,” he said. “This is business destruction at cloud speed. I will bet money they did not have MFA on the privileged accounts and/or a vulnerability management program in place.”
“The thing that does make me sympathetic,” he continued, “is this attack could happen to any ‘100% cloud’ business. So figure out your plan to recover or not get hit in the first place – do yourself a favour, the customers a favour and the regulator a favour: take the security seriously before you find out just how bad your security is from a free pentest.”
VFEmail’s website is currently inaccessible, and the full status of its customer-facing services is unknown. IT Pro has reached out to VFEmail for more information on the potential motivation behind the hack and its current status, and will update this story as it develops.