Only the best business plans have an exit strategy when the business has exceeded it's design and needs to be closed. This company probably didn't have in mind what happened to them.
For those of you who read the article I'm curious what you think of the incident. I think it had to be a disgruntled employee. What do you think?
Clearly, who ever did it has inside information. Could have been operating inside.
Motive is unclear. Maybe a disgruntled employee, or someone else wanting to hurt the company. Strange they didn't want to extort money from them.
My little brother didn't trust GMail, so almost all of his various email addresses/accounts were on VFEmail.net. I guess I'll have to wait until he sends me a message from some new platform 🙂
(Possibly one of the reasons I have multiple accounts on at least six different platforms ...)
(On at least two continents 🙂
"Disgruntled employee" sounds likely, particularly since the different servers had different authentications. (Finding someone who had all those authentications shouldn't be hard.)
On the forum, someone said that the story set off all his conspiracy theory alarms. He also posited that, if you had broken into a system and were using it for other attacks, you might just flatten the thing on your way out, to destroy any evidence. Hacked systems are just so cheap, these days.
The fact that no ransom was demanded is also another possible indicator of "disgruntled employee." Which brings me to my recommendation for ransomware and many, many other forms of attack: backup.
Backup, backup, backup.
The oldest protection in the book, possibly the most effective, and the one that everyone has (mostly invalid) reasons that they don't use.
Yes, I know the backup servers were formatted as well. That just means you use other forms of backup.
I've got an external drive that's semi-permanently attached and running a Windows backup program. It's supposed to backup any changes every fifteen minutes. I don't really trust it, but I've recovered stuff off it occasionally. I don't really trust it because it's attached. Like in the VFEmail case, I figure if I can get at it without plugging in cables, so can the bad guys. I figure the same goes for other machines on the LAN or online or cloud drives or storage systems. I do keep my "current" presentations on Google Drive, just in case.
The one I really rely on is an old Passport drive. I have to plug it in to make a backup. I do it sporadically, and probably not as frequently as I should, but it's been surprisingly effective. That drive is, itself, backed up on to external and non-connected laptops. (Well, at this point, laptop. It's on the Windows laptop. It used to be on the Mac as well, but the Mac had a corruption breakdown recently, and I replaced the drive. Since I keep all my old drives [hey, I'm an old malware researcher, and I've got samples and zoos all over the place, so just sending them to recycling would be a bit irresponsible] then I guess it is still backed up on a very external drive.)
I got a "credit card" USB drive at a show, recently, and I keep it in my wallet. It's pig slow, so I don't do backups on it as much, but I do keep my current presentations on it, and, at the moment as I writing this, I'm backing up all my email onto it.
OK, this is all just to back up my own stuff, and I couldn't keep masses of corporate data in my wallet. (Although it's surprising how much of the most important stuff you can put on there.) But the point is the same: backups can save your backside, and a little thought and imagination is more important than million dollar contracts on remote hot sites.
It could have been a cover up for something else going on internally to protect the integrity of the organisations business or associates?
OK, this story still needs some work. My brother, who I mentioned has lots of VFEmail accounts, says that, while he lost email sent/received during a certain period, can access his (new) email, although only via Web access ...
Securing backups often involves keeping them offline --- that way, you have to access them physically to do any damage. If all this has been the result of an attacker 'formatting everything' --- as was described --- then it's clear that the company's security was lax. We could have a disgruntled employee working by himself, an outsider having an accomplice on the inside, or else an outsider taking advantage of bad security.
Motivations can vary: if there's no ransom demand, it's not necessarily a disgruntled employee --- it might be an external party who's been well compensated by a competing organisation, or perhaps even someone who doesn't treasure financial benefits...
Also, an organization might be more likely to claim it's been the victim of cyber-attacks, rather than admit that its infrastructure was so poorly secured that internal factors were to blame.