A hacker gained access to VFEmail's US servers, attacking them and destroying the data they held. The destruction affected 18 years' worth of customer emails and included data held on all file and backup servers. One longtime user from Florida, John Senchak, had 60,000 emails going back a decade wiped from his inbox and outbox.
It remains unclear why the hacker targeted VFEmail, but the evidence so far shows the aim was to destroy data. VFEmail, an email service provider primarily in the US, issued the following statement:
“This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can,”
The attack, which occurred earlier this week, targeted externally facing servers across the data centres. The hacker managed to gain access to each operating system and bypassed various authentication measures, changing them all to the same details. The unidentified hacker also attacked VFEmail's server based in the Netherlands. VFEmail discovered the attack at this point and consequently kicked the hacker out of the system. The IP address was traced back to a service provider in Bulgaria. Restoration efforts took place, and by Monday afternoon the servers were back up and running and paid customers were receiving emails.
Organisations can put measures in place to mitigate the impact of such attacks
Cases like this are a wake-up call for organisations to ensure business continuity plans are in place, with set procedures for circumstances like this. Businesses should aim both to risk-assess threats to the company and to carry out business impact assessments, in order to examine and put appropriate procedures in place that bring the business back to normality with as little impact as possible. Preserving the availability of data is crucial to maintaining the security of data assets. Processes and procedures should be mapped out for both business continuity and disaster recovery. Offline backups are an example of the controls organisations need to ensure are in place following assessments. This is already a standard control that companies have in place to mitigate the impact of ransomware. Testing these procedures will also allow organisations to see how effective the measures are.