In a “complex ‘hack and destroy’ assault,” hackers have dealt a catastrophic blow “privacy-focused” email provider VFEmail.
According to Bleeping Computer:
“The hackers did not leave a ransom note and, given the extent of the destruction, the service will most likely go offline to never return.”
In a tweet and statement, VFEmail’s owner confirmed that the attack ‘likely’ constitutes a death knell for the service:
Yes, @VFEmail is effectively gone. It will likely not return.
I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it.— Havokmon (@Havokmon) February 12, 2019
“I’m leaning towards not rebuilding. There was a lot of custom code that would need to be re-written, and it was never profitable. VFEmail didn’t make money on selling personal data or targeted ads. Even Adsense revenue had all but dried up.”
“This is not looking good. All externally facing systems, of differing OS’s and remote authentication, in multiple data centers are down.”
Within two hours tweeting that they were watching hackers destroy their systems, VFEmail announced on Twitter that hackers had managed to format all disks on all servers, and had effectively erased all the virtual mail hosted on the service.
VFEmail is reportedly not the first email service provider to be attacked in this way, but it appears to be the first ransomed for it.
VFEmail’s owner could only speculate as to the reasons behind the hack:
“I don’t know why this level of attack was executed. I wouldn’t say I have no idea why, but I hear rumblings of hackers using it, political dissidents, privacy advocates, sex traffickers, etc.. Anyone of those people could want data removed.”