Email service provider loses 2 decades worth of data due to hack attack

Secure email service provider VFEmail has fallen victim to an attack by an unknown cybercriminal. The company says it suffered a “catastrophic destruction” of its US servers, losing almost two decades of data and backups in only a few hours.

The attack destroyed the company's entire digital infrastructure. Started by Rick Romero in 2001, the Milwaukee, Wisconsin-based email service provider offers services to end users as well as corporations and businesses.

The attack was identified early in the morning on February 11. VFEmail's Twitter account reported that users were complaining that they weren’t receiving messages anymore. Later on, the account posted this message:

“External facing systems, of differing OS’s and remote authentication, in multiple data centers are down.”

Reportedly, all of VFEmail's services were down, and it was noticed that the attacker had formatted almost everything. The Twitter account also reported that the email service provider “caught the perp in the middle of formatting the backup server.”

Romero also tweeted about the destructive attack on Tuesday morning: “Yes, @VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.”

According to VFEmail, the attacker formatted all the disks on the company's US servers, and every single virtual machine was lost, including every file and all primary and backup data.

Interestingly, the virtual machines didn’t share the same authentication, yet all of them were destroyed. Apparently, the attack was much more than a regular multi-password SSH exploit. It is worth noting that the attacker simply wiped all the data and didn’t ask for a ransom.

Romero informed users via the company’s website that new email was underway and that the company was trying to recover as much data as it could. They contacted Brian Krebs from KrebsOnSecurity on Tuesday and they could recover a backup drive that was hosted in the Netherlands. However, the company fears that US users’ data may never be recovered.

“At this time I am unsure of the status of existing mail for US users. If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your new mailbox, all your local mail will be lost,” read Romero’s statement on VFEmail’s website.

It isn’t clear who the attacker is or how he managed to pull this off, but the company did identify an IP address, 94155499, that is registered in Bulgaria. They also learned the username involved in causing the fiasco, which was aktv.

Romero stated that the attacker might have used various means of access, including a virtual machine, to reach the company’s email infrastructure, which is why its security measures, including 2FA, couldn’t prevent the attack. VFEmail’s website is not active but all of the company’s secondary domains are yet unavailable.
