Unknown attackers have breached the servers of VFEmail and have wiped disks on every one of its US-based servers, the email provider has confirmed. It doesn't look good, though: Romero told Brian Krebs that he doesn't have very high expectations of getting any U.S. data back.
The Wisconsin-based company has been serving businesses and consumers since 2001.
It is rare that hackers take steps to wipe out an entire company's data.
This was the case of the Phantom Squad DDoS extortionist group which sent 0.2 Bitcoin ransom demands to thousands of companies all over the world during September 2017.
Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company's mail servers in The Netherlands.
"Every VM (virtual machine) is lost. Every file server is lost, every backup server is lost", the company reported on Twitter, later adding, "There was no ransom". "Just attack and destroy", he wrote.
Reached by KrebsOnSecurity on Tuesday morning, Romero said he was able to recover a backup drive hosted in The Netherlands, but that he fears all of the mail for USA users may be irreparably lost.
In an update posted on the company's website, Romero wrote that new email was being delivered, and that efforts to restore any data possible would continue. "Yes VFEmail is effectively gone".
According to VFEmail's owner, the hackers did not leave a ransom note and, given the extent of the destruction, the service will most likely go offline and never return.
Who was behind the attack and how it was pulled off isn't entirely known. "If those controls were in place, an operation that deviates from trusted behavior would have raised the friction toward the attackers and provide immutable logs showing that the attack was in progress, allowing VFEmail to react quickly and potentially stop the breach before data was destroyed". That's because the company's servers used different login credentials and the passwords were not recorded on board.
"At this time I am unsure of the status of existing mail for USA users", Romero wrote.
VFEmail also warned its US users not to try to make their own email client work with their VFEmail account, otherwise they could lose all their local mail. "If you reconnect your client to your new mailbox, all your local mail will be lost".
And while VFEmail's primary website is back online, its secondary sites aren't, and the email service it's now offering is in a partially recovered state and can't offer anything like spam filters or subfolders.