VFEmail: Secure email service loses EVERYTHING following hack
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

VFEmail: Secure email service loses EVERYTHING following hack

Apparently, some hackers just want to see the world burn

VFEmail was a US-based secure email service with nearly 20 years under its belt. That all ended on Monday when it suffered a massive hack that wiped out everything. Literally, everything. The servers. The backup servers. Every. Single. File.

All gone.

A couple days later, there doesn’t seem to be much to go on in the way of suspects, and the motives behind such an attack are still murky. But for all intents and purposes, a company has been destroyed. This is the nuclear scenario for most businesses.

So, today we’ll cover what happened and what if anything VFEmail could have done. Then we’ll finish by delving into why this kind of attack is more of an outlier – likely an act of personal malice – than our standard cybercrime fare.

Let’s hash it out.

How do you lose EVERYTHING?

VFEmail was created in 2001 by Rick Romero. It discovered it was under attack on Monday when all of its servers went down simultaneously. The company’s twitter feed serves as a time-stamped outline of events. Frankly, your heart goes out to everyone involved, you can gain a sense of the desperation and panic that began to take hold as things progressed.

For almost any company, this is akin to the nightmare scenario. Everything was lost.

The attack was described by VFEmail as “catastrophic.” The attackers were finally caught formatting one of the backup servers two hours after the attack had begun, but by that point it was too late. Everything had been lost and is now seemingly beyond recovery.

Later, on Twitter, Romero didn’t mince words about VFEmail’s future prospects.

This is not the first time VFEmail has been attacked, it was also the victim of a 2015 campaign that targeted a number of mail services, including Protonmail. That attack was carried out by the Armada Collective, who DDoSed it after VFEmail refused to pay a ransom.

This one was far worse. There’s not much to go on with regard to the perpetrator, either. VFEmail’s website mentions an IP address 94[.]155[.]49[.]9 and the username “aktv,” which appear to originate from Bulgaria.

Per the Hacker News:

Romero believes the hacker behind the above-mentioned IP address most likely used a virtual machine and multiple means of access onto the VFEmail infrastructure to carry out the attack, and as a result, no method of protection, such as 2-factor authentication, would have protected VFEmail from the intrusion.

This kind of attack is an outlier, but still a scary one

There’s a quote from the great Michael Caine, playing Alfred Pennyworth in the Dark Knight, where he describes the MO of the Joker.

 “…some men aren’t looking for anything logical, like money. They can’t be bought, bullied, reasoned, or negotiated with. Some men just want to watch the world burn.”

Alfred Pennyworth

That’s actually incredibly apropos of this situation, too.

Most cybercrime, like most crime in general, is done to achieve some kind of material benefit – generally money. Typically, the only reason an attacker would want to go through all of the trouble of hacking or breaching a company’s network is to somehow profit off it. It needs to be worth the time.

It needs to be profitable.

Cybercrime is a $1.5-trillion industry.

So hacking an email service just so you can completely wipe everything from its servers is a bit… counter-intuitive. What’s the payoff? What was gained?

That’s why it seems so likely this was the result of some kind of personal vendetta. At least, Occam’s razor would dictate so. From there, it gets even more conspiratorial and it’s probably not worth entertaining more outlandish hypotheticals until some more information comes out.

But suffice it to say this is an extremely unusual attack because whoever pulled it off doesn’t appear to have gained anything aside from whatever satisfaction may have come from wiping out a 20 year-old business.

This entire situation is bizarre. Hopefully we’ll get some more information soon.

In the meantime, if you’re using VFEmail you should have some extra space in your inbox.

As always, leave any comments or questions below…

Hashed Out by The SSL Store is the voice of record in the SSL/TLS industry.


Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.