The independent email hosting service VFEmail.net has suffered a devastating cyber attack, wiping out 20 years of data. This highlights a problem that smaller independent tech companies face – a reduced ability to cope with more serious cyber threats.
You may not recognize the name VFEmail, but it is one of the very few remaining independent email service providers available and operates out of Milwaukee, Wisconsin, in the United States.
During an incident this week, an attacker formatted all the disks on every server. Every virtual machine has been lost. Every file server has been lost. Every backup server in the United States has been lost.
The attack has been devastating for the company and its many personal and business users and appears to have been done simply our of malice – not even for monetary gain, as is usual with most cyber attacks.
Most of the time hackers infiltrate a network for the purposes of gaining money. In this case, there doesn’t seem to be any known reason for the targeting by the unknown attacker.
The incident occurred on February 11, 2019, when the website suddenly went down due to the attack. From that moment, the users only got updates about the proceedings through the company’s Twitter account.
At around 11 AM (EST), the company tweeted that multiple servers were down and the services unavailable. In subsequent tweets, the company informed users that the attacker(s) had formatted all the disks on every server. This meant that all the data by the company was lost in the attack.
The company has not informed users how the hacker gained access, but the company’s founder raised further suspicion.
In a tweet from his personal account, Rick Romero expressed his wonder at how the perps managed to get their hands on multiple passwords and not just one.
Different structures in the company required different passwords, and yet the attackers still got their hands on all of them.
In the end, he just watched as data was formatted and his company destroyed. Users who log into the service can still send and receive emails, but all their previous messages have been lost. On the plus side, only US data was destroyed, but Rick stated that he may not keep the company.
“At this time, the attacker has formatted all the disks on every server,” wrote VFEmail’s Twitter account. “Every VM [virtual machine] is lost. Every file server is lost, every backup server is lost. Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.”
The incident at VFEmail highlights the challenges facing smaller internet companies such as these. They face the same difficulty as their larger counterparts like Google, and yet they may not have the manpower to counter major attacks such as these.
On the other hand, the increased attention towards smaller companies shows that people are getting fed up with the major corporations who have too much control over their privacy, choosing to go with smaller start-ups instead.
However, it’s a catch-22 and one of the major reasons why some people feel they have to just use big tech companies – torn between deciding what they feel they have to give up – privacy or security; wanting both.