
Hackers Destroyed VFEmail Service – Deleted Its Entire Data and Backups

The AchieVer

What could be more frightening than a service informing you that all your data is gone—that every file and every backup server has been entirely wiped out?

The worst nightmare of its kind. Right?

But that's precisely what just happened this week with VFEmail.net, a US-based secure email provider that lost all data and backup files for its users after unknown hackers destroyed its entire U.S. infrastructure, wiping out almost two decades' worth of data and backups in a matter of a few hours for no apparent reason.

Started in 2001 by Rick Romero, VFEmail provides secure, private email services to companies and end users, both free and paid-for.

Describing the attack as "catastrophic," the privacy-focused email service provider revealed that the attack took place on February 11 and that "all data" on their US servers—both the primary and the backup systems—has been completely wiped out, and it's seemingly beyond recovery.
"Yes, @VFEmail is effectively gone," Romero wrote on Twitter Tuesday morning. "It will likely not return. I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it."
The VFEmail team detected the attack on February 11 itself after it noticed that all the servers for its service had gone offline without any notice.
After two hours, the company reported that the attackers had been caught "in the middle of formatting its backup server," saying that it "fear all US-based data may be lost." 

However, shortly after that VFEmail confirmed that "all the disks on every server" had been wiped out, virtually erasing the company's entire infrastructure, including mail hosts, virtual machine hosts, and a SQL server cluster, within just a few hours.

"Strangely, not all VMs shared the same authentication, but all were destroyed," VFEmail explained. "This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy,"—a rare example of a purely destructive attack.

Although it is still unclear who was behind this destructive attack and how the hack was pulled off, a statement posted to the company's website pointed to an IP address 94[.]155[.]49[.]9 and the username "aktv," which appears to be registered in Bulgaria.

Romero believes the hacker behind the above-mentioned IP address most likely used a virtual machine and multiple means of access onto the VFEmail infrastructure to carry out the attack, and as a result, no method of protection, such as 2-factor authentication, would have protected VFEmail from the intrusion.

The official website has now been restored and is running, but all secondary domains still remain unavailable. If you are an existing user, expect to find your inboxes empty.

This isn't the first time the company has been attacked. In 2015, a group of hackers known as the "Armada Collective," who also targeted Protonmail, Hushmail, and Runbox, launched a DDoS attack against VFEmail after it refused to pay a ransom.





There are some people who don't like the idea of secure email, and it's not difficult to guess who those people are.

Lots of people will stop using their service and some may actually use those email services which are easy to monitor.


I just read yesterday Hackers have put more than 600 Million Email Accounts up for sale on The Dark Web 🤔


4 hours ago, The AchieVer said:

provider that lost all data and backup files


Who puts their backup file system online where it is accessible to literally anyone? The only time the backup system should be connected is during an actual backup, then it is taken back offline. Hopefully those users that have a NAS that they use for backups do the same thing. Anyone who logs into their NAS and leaves it online subjects it to the same vulnerabilities their system is subject to when it is online. A ransomware attack could encrypt the system and all attached file systems, or everything could be deleted as was the case cited above.


3 hours ago, J WACKO said:

I just read yesterday Hackers have put more than 600 Million Email Accounts up for sale on The Dark Web 🤔


Those email addresses/logins are ancient.  Over the last several weeks a myriad of researchers have looked at the data and found that someone has compiled various data releases over the years and there are even many duplicates in the database collections that have been released.  If you have good security practices you have nothing to worry about.



This topic is now archived and is closed to further replies.
