A major cyber-attack has hit email provider VFEmail in what the company is calling a “catastrophic attack,” which has destroyed all data in the US, including backups.
The company issued an alert via its website and social media accounts on February 11, 2019, warning, “At this time I am unsure of the status of existing mail for US users. If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your new mailbox, all your local mail will be lost.”
In an update, VFEmail owner Rick Romero wrote that new email was being delivered and that efforts were being made to recover what user data could be salvaged. Romero also noted that the malicious actor was last identified as aktv@94.155.49.9.
In one tweet, VFEmail said, “Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.”
These types of attacks are rare and highly destructive. “The devastating attack on VFEmail is a strong reminder to enterprises that a single keystroke or attack can destroy thousands of workloads and take down a business,” said Balaji Parimi, CEO, CloudKnox Security.
“Attacks of this magnitude – where the goal is simply to attack and destroy – are well within the power of attackers who gain access to infrastructure. Enterprises need to do a better job of mitigating the threat of over-privileged identities, and that begins with gaining an understanding of which identities have access to the types of privileges that can destroy their business and limiting those privileges to properly trained, security-conscious personnel.”
That an attacker was able to pull this off also raises questions about the company’s disaster recovery plans, since the attack left VFEmail and some of its customers without access to their information.
“What disaster recovery strategy was in place and why wasn't data backed up into cold storage, thus making it unavailable to attackers?” asked Fausto Oliveira, principal security architect at Acceptto. “If they had a strategy in place, they should be able to recover at least a substantial part of their customers’ data.”