Yesterday, February 11th, the email provider VFEmail announced that it had suffered a "catastrophic" attack that wiped out and destroyed its entire email infrastructure. All primary and backup data, going back up to two decades, appears to have been formatted. In a tweet, VFEmail reported that the attacker formatted every disk on every server, including the backups, and also wiped all the VMs along with the file servers.
For those who are unaware, VFEmail has provided email services to both end users and businesses since 2001. The service aims to offer a more secure way of sending email: VFEmail scans each message for signs of viruses or spam and blocks any threat it discovers. It is a lightweight, flexible way to send email.
It was initially reported that several data centers had gone down, but after looking into it, VFEmail caught the attacker in the middle of formatting one of the company's mail servers in the Netherlands. The attacker was last seen as [email protected], which is linked to the Daticum hosting service in Bulgaria and is reported to be the IP of a VM host. According to VFEmail, the attack was unusual because not all the VMs shared the same credentials, so this was not a simple attack: the attacker could have been an insider or someone who had been probing the company for a while.
Reached by KrebsOnSecurity, Romero, the founder of VFEmail, stated that he was able to recover a backup hosted in the Netherlands but fears that all mail data in the U.S. may be permanently lost.
In an update posted on the company's website, VFEmail says that incoming mail is now being delivered, but free users should not attempt to send mail. The status of mail for U.S. users is still unknown.
This is a stark reminder of how devastating and how fast such attacks can be. One thing I want to note is that VFEmail does not appear to have used offline backups. While backup technology has certainly advanced and there are many online options, nothing really beats having "old-fashioned" physical hard drives in an offsite location.