On Monday, 11th February, Wisconsin-based email provider, VFEmail, was attacked by an intruder who trashed all of the company’s primary and backup data in the United States. Initial signs of this attack were noticed on Monday, February 11, when users started shooting tweets on the company’s Twitter account stating that they were no longer receiving messages.
According to Krebs on Security, “VFEmail tweeted that it had caught a hacker in the act of formatting one of the company’s mail servers in the Netherlands.” Another tweet followed this stating, “nl101 is up, but no incoming email. I fear all US-based data may be lost.”
Following this, VFEmail’s founder, Rick Romero, tweeted yesterday, “Yes, @VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.”
Yes, @VFEmail is effectively gone. It will likely not return.
I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it.
— Havokmon (@Havokmon) February 12, 2019
Another tweet on the VFEMail account said that the attacker formatted all disks on every server. VFEmail has lost every VM and all files hosted on the available servers. “NL was 100% hosted with a vastly smaller dataset. NL backups by the provider were intact, and service should be up there.”
At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost. NL was 100% hosted with a vastly smaller dataset. NL backups by the provideer were intact, and service should be up there.
— VFEmail.net (@VFEmail) February 11, 2019
Romero has posted certain updates on the company’s website, one of which includes, “We have suffered catastrophic destruction at the hands of a hacker, last seen as firstname.lastname@example.org”. He also wrote, “ At this time I am unsure of the status of existing mail for US users. If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your new mailbox, all your local mail will be lost.”
John Senchak, a longtime VFEmail user from Florida, told Krebs on Security, that the attack completely deleted his entire inbox at the company–some 60,000 emails sent and received over more than a decade were lost. He also said, “It looked like the IP was a Bulgarian hosting company. So I’m assuming it was just a virtual machine they were using to launch the attack from. There definitely was something that somebody didn’t want found. Or, I really pissed someone off. That’s always possible.”
The company has assured the users that they are working to recover the data as soon as possible.
To know more about this news and stay updated, read VFEMail’s complete Twitter thread.