SoylentNews is people

posted by chromas on Tuesday February 12 2019, @08:48PM
from the did-they-try-photorec? dept.

Hackers have breached the severs[sic] of email provider VFEmail.net and wiped the data from all its US servers, destroying all US customers' data in the process.

The attack took place yesterday, February 11, and was detected after the company's site and webmail client went down without notice.

"At this time, the attacker has formatted all the disks on every server," the company said yesterday. "Every VM is lost. Every file server is lost, every backup server is lost."

"This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy," VFEmail said.

[...] Back in November 2015, VFEmail was one of the many online email providers that were targeted by Armada Collective, a group of hackers who demanded ransom payments from victim companies to stop ongoing DDoS attacks.

There were servers in the US and in Europe; I think US users really means all users except the ones in the Europe server.

Hackers wipe US Servers of Email Provider VFEmail
Email Provider VFEMail’s US Servers Wiped by Hackers
VFEmail twitter account

  • (Score: 5, Insightful) by choose another one on Tuesday February 12 2019, @09:44PM (5 children)

    by choose another one (515) Subscriber Badge on Tuesday February 12 2019, @09:44PM (#800348)

    It's perhaps more that anything "online" is merely replication, and replication is not backup.

  • (Score: 1) by warsen on Wednesday February 13 2019, @03:59AM (2 children)

    by warsen (7321) on Wednesday February 13 2019, @03:59AM (#800483)

    Umm no, well not always. I admit I don't know much about *enterprise* backup, but at the individual level at least there are excellent tools like borgbackup that can be both online (you do need a server on which you can install borg I suppose), and encrypted, and maintain history. And that's pretty recent; there are so many others (rdiff-backup, duplicity come to mind).

    I've also heard of things like Amanda and so on, for backing up several systems. I can't believe they're all just replication.

    With all this, I am pretty sure, even if that was a Windows shop (say), that there are several "enterprise class" backup products that do all the right things.

    Nope; these guys were just lazy and/or penny-pinching.

    • (Score: 2) by Mykl on Wednesday February 13 2019, @04:38AM (1 child)

      by Mykl (1112) on Wednesday February 13 2019, @04:38AM (#800493)

      Unless they were doing all of this and the hacker just logged directly into the backup server and wiped it from there...

      • (Score: 2) by choose another one on Thursday February 14 2019, @09:49AM

        by choose another one (515) Subscriber Badge on Thursday February 14 2019, @09:49AM (#800923)

        This is the problem.

        Any backup system connected to the server being backed up can therefore be accessed from that server. Some work the other way, with an agent running on the backup side contacting the server to get its data - but those sorts of systems are more normally used for backing up lots of client (i.e. desktop, laptop) systems.

        Even if the credentials for accessing the remote backup service are _not_ discoverable on the server, the config may be and that may well be enough. Online backup stores ten previous backups? - wipe server, initiate 10 backup jobs, oops, "backups" gone...

        "online" is live, connected, and accessible from the compromised server, and therefore very vulnerable to attack.

        "offline" (someone has to physically go get media from the vault) cannot be attacked from the comped server, must be attacked separately, which massively increases the attack complexity (to achieve a simultaneous wipe of everything). Still not impossible (ask Mr Robot...) - but a lot harder.
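
The rotation problem raised in the comment above (a count-limited online store emptied by a burst of new backup jobs), as an added example that is not part of the original thread. It compares count-only pruning with pruning that also enforces a minimum age; the function names, the 30-day floor and the snapshot records are constructed for illustration, and the floor is assumed to be enforced on the backup store itself, outside the reach of the backed-up server.

```python
from datetime import datetime, timedelta

KEEP = 10                      # "stores ten previous backups"
MIN_AGE = timedelta(days=30)   # assumed floor: nothing younger than this is pruned


def prune_by_count(snapshots, keep=KEEP):
    """Count-only retention: keep the newest `keep` snapshots, whatever their age."""
    ordered = sorted(snapshots, key=lambda s: s["time"])
    return ordered[-keep:]


def prune_with_age_floor(snapshots, now, keep=KEEP, min_age=MIN_AGE):
    """Keep the newest `keep`, and also every snapshot still younger than `min_age`."""
    ordered = sorted(snapshots, key=lambda s: s["time"])
    older, newest = ordered[:-keep], ordered[-keep:]
    protected = [s for s in older if now - s["time"] < min_age]
    return protected + newest


def usable(snapshots):
    """Snapshots that still contain data (a wiped source produces empty ones)."""
    return [s for s in snapshots if s["files"] > 0]


def simulate():
    """Ten daily backups, then ten back-to-back jobs run against a wiped server."""
    start = datetime(2019, 2, 1)  # constructed timeline
    history = [{"time": start + timedelta(days=d), "files": 50_000}
               for d in range(10)]
    wipe = start + timedelta(days=10)
    burst = [{"time": wipe + timedelta(minutes=m), "files": 0}
             for m in range(10)]

    by_count, with_floor = list(history), list(history)
    for snap in burst:
        by_count = prune_by_count(by_count + [snap])
        with_floor = prune_with_age_floor(with_floor + [snap], now=snap["time"])
    return len(usable(by_count)), len(usable(with_floor))


if __name__ == "__main__":
    count_only, age_floor = simulate()
    print(f"usable snapshots, count-only retention: {count_only}")
    print(f"usable snapshots, with 30-day age floor: {age_floor}")
```

The age floor trades storage for safety: the store grows during a burst of jobs instead of discarding recent history, so a sudden jump in snapshot count is itself worth alerting on.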

  • (Score: 2) by driverless on Wednesday February 13 2019, @07:36AM (1 child)

    by driverless (4770) on Wednesday February 13 2019, @07:36AM (#800526)

    Mmmm, I dunno. Tried to back myself up once and all I got were three ungrateful brats.

    • (Score: 2) by bob_super on Wednesday February 13 2019, @05:43PM

      by bob_super (1357) on Wednesday February 13 2019, @05:43PM (#800664)

      Maybe it was just a replication. Ask your mom.