Some cyber attacks are so disastrous that there’s no coming back from them. Email provider VFEmail worried that was the case when it said a hacker caused “catastrophic destruction” on Monday by destroying all data on U.S. servers, as well as the backup systems.
On Monday morning, after VFEmail’s site, servers, and webmail client went down, VFEmail tweeted:

This is not looking good. All externally facing systems, of differing OS’s and remote authentication, in multiple data centers are down.
— (@VFEmail) February 11, 2019
A few hours later, VFEmail said it caught a hacker trying to format a backup server:

Caught the perp in the middle of formatting the backup server:dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null aktv@ -R -N
— (@VFEmail) February 11, 2019
VFEmail then tweeted, “I fear all US based data may be lost.” The unknown attacker had wiped all the disks on every server:

At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost. NL was 100% hosted with a vastly smaller dataset. NL backups by the provideer were intact, and service should be up there.
— (@VFEmail) February 11, 2019
The hacker was out for blood — “just attack and destroy.”

Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.
— (@VFEmail) February 11, 2019
In one fell swoop, an attacker had destroyed VFEmail’s “entire infrastructure.” As for the “scary part,” Romero tweeted:

Not ‘A’, an entire infrastructure.Mail hasts, VM hosts,sql server cluster, hosted vms.If they all had one password, sure, but …

Go to Source


Comments are closed.