Tuesday, October 22, 2019

Just when you think it can't get any worse: VFEmail attack

Organizations have a few options when it comes to their email service. They could have this on-premises, or with a service. One such service is VFEmail. The paramount aspect of this service is the data. Without the emails, active and archived, there are issues. These show up pretty much immediately also. Misplacing this is unthinkable. Losing this permanently would be epic. To state this would be a nightmare would be an understatement. Unfortunately, this occurred in February 2019 with VFEmail when the organization was successfully attacked, deleting the current data and backups. 

VFEmail.net was a US-based secure, private email provider. The organization was started in 2001 by Rick Romero. The organization provided the services free and for a fee. 
Attack
The attack took place on February 11. The staff happened to notice a problem when its servers went offline. There was no anticipated outage planned, which made this especially odd. The attacker was caught during the backup server being formatted. This particular server was located in the Netherlands. The end result of the attack was all the disks were completely wiped. This erased the organization’s entire infrastructure. This included the mail hosts, VM hosts, and a SQL server cluster. The attack appeared to have originated from IP 94.155.49.9 with the username “aktv”. This is registered in Bulgaria. All this damage occurred within a few hours. Fortunately, the servers in the Netherlands with the backups were not affected. 
Data 
The affected data included emails and backup files. In effect, this deleted nearly 20 years of data. The odd aspect of this attack was there was not a reason to delete the data. There was no ransom request ignored or other rationales to do this. The attackers just did it. These are generally the more encountered attacks. 
Post-Attack
The attacker was still unknown. Also, the attack method has not been published. VFEmail rebounding from this will be difficult, not only from the technical aspect but also from customer rapport. 

Resources
Al-Heeti, A. (2019, February 12). Email provider hack destroys nearly two decades’ worth of data. Retrieved from https://www.cnet.com/news/email-provider-hack-destroys-nearly-two-decades-worth-of-data/ 

Boyd, C. (2019, February 14). Hacker destroys VFEmail service, wipes backups. Retrieved from https://blog.malwarebytes.com/cybercrime/2019/02/hacker-destroys-vfemail-service-wipes-backups/ 

Emerson L. Sullivan. (2019, February 18). Hackers destroyed VFEmail service-Deleted its entire data and backups within hours. Retrieved from https://blog.yoocare.com/hackers-destroyed-vfemail-service-deleted-entire-data-backups-within-hours/ 

Goodin, D. 92019, February 12). “Catastrophic” hack on email provider destroys almost two decades of data. Retrieved from https://arstechnica.com/information-technology/2019/02/catastrophic-hack-on-email-provider-destroys-almost-two-decades-of-data/ 

Khandelwal, S. (2019, February 13). Hackers destroyed VFEmail service-deleted its entire data and backups. Retrieved from https://thehackernews.com/2019/02/vfemail-cyber-attack.html 

Krebs, B. (2019, February 19). Email provider VFEmai suffers “catastrophic” hack. Retrieved from https://krebsonsecurity.com/2019/02/email-provider-vfemail-suffers-catastrophic-hack/ 

Paganini, P. (2019, February 13). Hacker deleted all data from VFEmail servers, including backups. Retrieved from https://securityaffairs.co/wordpress/81030/hacking/femail-destructive-cyberattack.html 

Reynolds, C. (2019, February 13). “Catastrophic destruction”: Hacker takes a match to email provider. Retrieved from https://www.cbronine.com/author/conor/ 

Tech Info Gig. (2019, February 19). Hackers destroyed VFEmail service deleted its entire data and backups. Retrieved from https://techinfogig.blogspot.com/2019/02/hackers-destroyed-service.html 

No comments:

Post a Comment