VFEmail Secure Email Provider Has All Data Wiped In Catastrophic Attack
A hacker managed to wipe every server and backup of VFEmail this week. VFEmail is, or more accurately was, a US-based secure email provider that has offered anonymous free and paid services since 2001.
VFEmail founder, Rick Romero, said in a tweet:
“Yes, @VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.”
As far as hacks go, this is the worst possible scenario: VFEmail had its entire infrastructure wiped, losing almost two decades’ worth of data.
VFEmail confirmed that the attack took place on 11 February and that all data, including backup data on their servers, had been wiped. They have also stated that the data is beyond recovery.
Within only a few hours of the attack, all infrastructure had been wiped, including mail hosts, virtual machine hosts, and an SQL server cluster.
On Twitter @VFEmail said:
“Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.”
No motive, such as money, is apparent, and it is still unclear who conducted the attack. An IP address involved in the attack appears to be registered in Bulgaria and is tied to the username “aktv”.
Twitter user and programmer @jremes84 said:
“Wow. Whoever did this was actually a skilled hacker: multi-account penetration and escaping Linux containers. Also, this type of attack is rare since cybercriminals usually are after money. In which case, I suspect this case will repeat itself.”
Founder Romero believes the hacker most likely used a virtual machine to attack the infrastructure with multiple means of access, and wouldn’t have had to do two-factor authentication.
VFEmail was also attacked in 2015 by a group of hackers dubbed “Armada Collective”. The group targeted several email hosting platforms such as Hushmail, Runbox, and Protonmail in a ransom attack. When VFEmail refused to pay the ransom, they were hit with a DDoS attack.
Users of VFEmail will find their inboxes empty, with no history of their emails. A statement on the VFEmail website says:
“www.vfemail.net and mail.vfemail.net are currently unavailable in their prior form.
We have suffered catastrophic destruction at the hands of a hacker, last seen as firstname.lastname@example.org
This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can.”
It is not yet clear whether VFEmail will be able to recover the lost data, but it doesn’t seem likely. Again on Twitter, VFEmail expressed some hope of partially recovering data:
“This is all I can do at this time. I will need to get into the datacenter to see if the one file server I caught during formatting can be recovered. If it can, we can restore mail, but most of the infrastructure is lost.”