Hackers have breached the severs[sic] of email provider VFEmail.net and wiped the data from all its US servers, destroying all US customers' data in the process.
The attack took place yesterday, February 11, and was detected after the company's site and webmail client went down without notice.
"At this time, the attacker has formatted all the disks on every server," the company said yesterday. "Every VM is lost. Every file server is lost, every backup server is lost."
"This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy," VFEmail said.
[...] Back in November 2015, VFEmail was one of the many online email providers that were targeted by Armada Collective, a group of hackers who demanded ransom payments from victim companies to stop ongoing DDoS attacks.
There were servers in the US and in Europe; I think US users really means all users except the ones in the Europe server.
Hackers wipe US Servers of Email Provider VFEmail
Email Provider VFEMail’s US Servers Wiped by Hackers
VFEmail twitter account
(Score: 5, Insightful) by choose another one on Tuesday February 12 2019, @09:44PM (5 children)
It's perhaps more that anything "online" is merely replication, and replication is not backup.
(Score: 1) by warsen on Wednesday February 13 2019, @03:59AM (2 children)
Umm no, well not always. I admit I don't know much about *enterprise* backup, but at the individual level at least there are excellent tools like borgbackup that can be both online (you do need a server on which you can install borg I suppose), and encrypted, and maintains history. And that's pretty recent; there are so many others (rdiff-backup, duplicity, come to mind).
I've also heard of things like Amanda and so on, for backing up several systems. I can't believe they're all just replication.
With all this, I am pretty sure, even if that was a Windows shop (say), that there are several "enterprise class" backup products that do all the right things.
Nope; these guys were just lazy and/or penny-pinching.
(Score: 2) by Mykl on Wednesday February 13 2019, @04:38AM (1 child)
Unless they were doing all of this and the hacker just logged directly into the backup server and wiped it from there...
(Score: 2) by choose another one on Thursday February 14 2019, @09:49AM
This is the problem.
Any backup system connected to the server being backed up, can therefore be accessed from that server. Some work the other way, with an agent running on the backup side contacting the server to get its data - but those sorts of systems are more normally used for backing up lots of client (i.e. desktop, laptop) systems.
Even if the credentials for accessing the remote backup service are _not_ discoverable on the server, the config may be, and that may well be enough. Online backup stores ten previous backups? - wipe server, initiate 10 backup jobs, oops, "backups" gone...
"online" is live, connected, and accessible from the compromised server, and therefore very vulnerable to attack.
"offline" (someone has to physically go get media from the vault) cannot be attacked from the comped server, must be attacked separately, which massively increases the attack complexity (to achieve a simultaneous wipe of everything). Still not impossible (ask Mr Robot...) - but a lot harder.
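The rotation problem raised in the comment above, as an added example that is not part of the original thread: a small Python model comparing a keep-last-ten rotation with a rule, enforced by the backup store, that never deletes a snapshot younger than a minimum age. The function names, the 30-day window and the timeline are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

KEEP = 10                       # "stores ten previous backups"
MIN_AGE = timedelta(days=30)    # assumed retention lock, not from the thread

def prune_keep_last(snaps, now):
    """Count-based rotation: only the newest KEEP snapshots survive."""
    return sorted(snaps, key=lambda s: s["taken"])[-KEEP:]

def prune_with_min_age(snaps, now):
    """Store-side rule: nothing younger than MIN_AGE is deleted, whatever
    the client submits; the count limit only applies to older snapshots."""
    ordered = sorted(snaps, key=lambda s: s["taken"])
    newest = ordered[-KEEP:]
    locked = [s for s in ordered if now - s["taken"] < MIN_AGE]
    return [s for s in ordered if s in newest or s in locked]

def run(prune):
    """Ten good nightly backups, then ten jobs from an already wiped server.
    "taken" is the store's own clock, never a client-supplied timestamp."""
    start = datetime(2019, 2, 1)            # constructed timeline
    store = []
    for day in range(10):
        now = start + timedelta(days=day)
        store = prune(store + [{"taken": now, "good": True}], now)
    wipe = start + timedelta(days=10)
    for minute in range(10):                # back-to-back jobs of empty disks
        now = wipe + timedelta(minutes=minute)
        store = prune(store + [{"taken": now, "good": False}], now)
    return sum(s["good"] for s in store), len(store)

if __name__ == "__main__":
    for policy in (prune_keep_last, prune_with_min_age):
        good, total = run(policy)
        print(f"{policy.__name__}: {good} good snapshots of {total} stored")
```

The second policy only holds if the store itself enforces it and nothing reachable from the backed-up server can delete snapshots or change the retention setting.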
(Score: 2) by driverless on Wednesday February 13 2019, @07:36AM (1 child)
Mmmm, I dunno. Tried to back myself up once and all I got were three ungrateful brats.
(Score: 2) by bob_super on Wednesday February 13 2019, @05:43PM
Maybe it was just a replication. Ask your mom.