
Hackers wipe US servers of email provider VFEmail



securitybreach

Holy crap:

"Hackers have breached the servers of email provider VFEmail and wiped the data from all its US servers, destroying all US customers' data in the process. The attack took place yesterday, February 11, and was detected after the company's site and webmail client went down without notice.

 

"At this time, the attacker has formatted all the disks on every server," the company said yesterday. "Every VM is lost. Every file server is lost, every backup server is lost." "This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy," VFEmail said.".....

 


 

It is rare that hackers take steps to wipe out an entire company's data. Most attacks usually end up with hackers using compromised servers for other attacks (like running botnets or hosting malware), or with hackers asking for a ransom payment from hacked victim

 

https://www.zdnet.co...ovider-vfemail/

 

I have a feeling that this was state sponsored due to the fact that they didn't ask for any ransom. Only a script kiddie would do that and it was something that would probably take a team to accomplish. No one would do this without wanting a payout of some sort.. Then again, someone could have used their servers for something malicious and then deleted their tracks. Who knows...


securitybreach

I do not know as they mentioned that the backups were destroyed as well. Not a lot of info has come out about the whole ordeal.


V.T. Eric Layton

VFEmail? Never heard of it.

 

That would get really ugly if they did that with a popular email provider like Gmail or Yahoo or an ISP mail like AOL/Verizon. :(


Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users.

Source: https://krebsonsecurity.com/2019/02/email-provider-vfemail-suffers-catastrophic-hack/

 

Looks like they tried to wipe more.

Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company’s mail servers in The Netherlands.

VFEmail? Never heard of it.

 

That would get really ugly if they did that with a popular email provider like Gmail or Yahoo or an ISP mail like AOL/Verizon. :(

VFEmail? Never heard of it.

 

Yeah, me neither :ermm:

That's what was good about it. It was a decent email provider, and most hackers hadn't ever heard of it.

 

I used to use it as my main/default, but eventually the spammers discovered it, and some ISPs would occasionally block it.

Looks like the spammers did me a favor, I got a new default in 2014.


They gave us a new POP server. It appears to work.

Webmail is working but it's apparently a new mailbox.

Instructions are on their incident page https://www.vfemail.net/incident.php

If you use IMAP, read the instructions, before you do anything.

 

I already told people not to use my VFEmail address. I think I'll leave it that way for now.

Edited by Pete!

The VF in VFEmail stood for "virus free". "Back in the day" they were one of the only ones advertising free email with virus scanning.

 

They also provided a non-standard SMTP port at a time when most ISPs blocked port 25. That was a good feature back in the days of 'free dial-up' when people were constantly changing ISPs, or using more than one ISP to get around time limits some of them imposed.


securitybreach

The VF in VFEmail stood for "virus free". "Back in the day" they were one of the only ones advertising free email with virus scanning.

 

They also provided a non-standard SMTP port at a time when most ISPs blocked port 25. That was a good feature back in the days of 'free dial-up' when people were constantly changing ISPs, or using more than one ISP to get around time limits some of them imposed.

 

I was around and on computers back then but I generally used CompuServe or Prodigy and then EarthLink later on.


Cluttermagnet
Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users.

Source: https://krebsonsecur...astrophic-hack/

 

Looks like they tried to wipe more.

Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company’s mail servers in The Netherlands.

 

The Krebs article was fascinating. Thanks, Liz! I read the comments all the way to the end. My reaction- the commenter who suggested someone was trying to eliminate evidence may have nailed it. A lot of that going on in recent years. But the usual problem is that so many 'crumbs' are left scattered around when someone tries to eradicate records. Probably a lot of emails locally cached in individual desktops and servers. It would be difficult but not impossible to partially recover some small part of the whole. Perhaps one would start with a complete list of subscribers to that service (if one still exists!) It strikes me that no one short of a major govt investigative agency would have the resources, however. Sounds like some actor- and I'm betting state actor here- felt they needed to put a stake through the heart of this service, especially as they assessed that it would be fairly easy and thoroughly devastating to do so. While not ruling out sheer malice here, it sounds like a far deeper and more sinister purpose was in play IMO... Yikes! Was that service really set up that shaky and vulnerable?

 

Clutter


securitybreach

I agree with your assessment Clutter :thumbsup:

 

Well except for this part:

It strikes me that no one short of a major govt investigative agency would have the resources

 

I think that would be the opposite as it's easier for a private organization to pull together resources as they do not have to deal with all the red tape and inter-agency problems.


.........Perhaps one would start with a complete list of subscribers to that service (if one still exists!) ......

I suspect that they do. All it took to re-create my account (without the contents) was logging into the webmail, on the "nl101.vfemail.net" server. They had (at least) the usernames and passwords left.

 

However, users of the free accounts really had no reason to use their real names and addresses when registering.


Cluttermagnet

I agree with your assessment Clutter :thumbsup:

 

Well except for this part:

It strikes me that no one short of a major govt investigative agency would have the resources

 

I think that would be the opposite as it's easier for a private organization to pull together resources as they do not have to deal with all the red tape and inter-agency problems.

 

Ahhh, point well taken... Yep, I think you're right about that!


Hello,

 

I think a state actor would be more targeted; their modus operandi is usually to slip in unnoticed, and make changes so that it seems they were never there. This seems, not clumsy, but, well, attention-generating. It may have been an act by a commercial entity in an attempt to cover their tracks, or an attempt of some sort to send a message, although what that might be and who it was for may never be known.

 

Regards,

 

Aryeh Goretsky

 


  • 2 weeks later...

I was unable to login this morning, neither by webmail nor email client.

The "Incident page" doesn't have any entries newer than 2/17/19, so I don't have a clue about what happened.


I was unable to login this morning, neither by webmail nor email client.

 

I experienced the same thing yesterday morning with their webmail. It came back online later in the day and seems to be working fine today.


Yes, it's wo

I see there are 2 login pages

https://www.vfemail....orde5/login.php

https://www.vfemail.net/roundcube/

 

did you try both?

Actually (depending on how you count) five ways. I tried webmail on both servers, both ways each.

I also have Thunderbird set up for their new server. Since the webmail didn't work on either server, I didn't try changing it back to the old server, I'm not counting on it anymore, so my interest was only curiosity.

 

I experienced the same thing yesterday morning with their webmail. It came back online later in the day and seems to be working fine today.

Yes it's working now. Both Horde5 and RoundCube on the web as well as via the Thunderbird client (all using nl101.vfemail.net).

There are NO new entries on the "incident page".
