US email provider wiped out by hacker
Company has its entire infrastructure remotely formatted


US-based email provider VFEmail.net has been the victim of a catastrophic cyber attack, as unknown hackers destroyed its entire infrastructure for no apparent reason.
In chilling messages posted to VFEmail's Twitter account last night, the provider warned that all of its external-facing systems across multiple data centres had gone offline.
Two hours later, VFEmail revealed that the attacker had been caught formatting the company's backup server, lamenting "I fear all US based data may be lost".
Shortly afterwards, the account confirmed via Twitter that "all the disks on every server" had been erased, virtually wiping out the company's entire infrastructure overnight. In an alert status posted during the attack, the company warned it had "suffered catastrophic destruction".
The motivation behind the attack is currently unclear. There was no ransom demand, and the perpetrator did not appear to be interested in stealing any data; the company confirmed to one concerned customer that although the data was encrypted, "it doesn't matter. They just formatted everything".
The company also noted in a tweet that all its VMs were destroyed even though they used different authentication, suggesting that the perpetrator may have been operating with inside information.
The individual behind the company's Twitter account mooted the possibility of recovering the single file server that they caught the hacker formatting, but warned that "most of the infrastructure is lost".
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Ian Thornton-Trump, IT Pro panellist andEMEA head of cyber security for AmTrust International, compared the incident to the2014 attack on code-hosting service Code Spaces.
"They got nuked so bad they went out of business," he said. "This is business destruction at cloud speed. I will bet money they did not have MFA on the privileged accounts and/or a vulnerability management program in place."
"The thing that does make me sympathetic," he continued, "is this attack could happen to any '100% cloud' business. So figure out your plan to recover or not get hit in the first place - do yourself a favour, the customers a favour and the regulator a favour: take the security seriously before you find out just how bad your security is from a free pentest."
VFEmail's website is currently inaccessible, and the full status of its customer-facing services is unknown. IT Pro has reached out to VFEmail for more information on the potential motivation behind the hack and its current status, and will update this story as it develops.
Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.
Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.
You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.
-
How to implement a four-day week in tech
In-depth More companies are switching to a four-day week as they look to balance employee well-being with productivity
-
Intelligence sharing: The boost for businesses
In-depth Intelligence sharing with peers is essential if critical sectors are to be protected
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?
News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
‘The worst thing an employee could do’: Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problem
News More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
Edge devices are now your weakest link: VPNs, firewalls, and routers were the leading source of initial compromise in 30% of incidents last year – here’s why
News Compromised network edge devices have rapidly emerged as one of the biggest attack points for small and medium businesses.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to know
News Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-days
News The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claim
News Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerability
News A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Billions of IoT devices will need to be secured in the next four years – zero trust could be the key to success
News Researchers have warned more than 28 billion IoT devices will need to be secured by 2028 as attacks on connected devices surge.