In what may be one of the most devastating attacks in recent history, email provider VFEmail is working through the aftermath of a massive cyberattack and is indicating that 18 years’ worth of its user’s email data is lost forever. The attack seems to have reformatted the volumes in all of VFEmail’s US servers, including the volumes of backup servers. The virtual machines used by VFEmail were different operating systems, and the company claims that authentication into each machine was different.
The hack is more than a compromised operating system. It seems the attacker was able to gain access at a very low level. Based on the VFEmail incident page it seems like that the company had no off-line backup.
VFEmail is not the first company to suffer this type of catastrophe. Remember a cloud based company called Code Spaces? They were a cloud based company with all their assets in the cloud, including their backups. But a hacker gained access to their cloud account and wiped out all their data and backups as well. They were never able to recover and went out of business.
This incident raises the problem once again of living in a disk only world and strengthens our argument of why tape, especially for large organizations and the cloud, must be part of the overall data protection strategy. Disk vendors and object storage vendors are quick to point out that a read-only file system or volume can also prevent this type of attack. Not so fast! It appears that the attacker compromised the VFEmail environment at a system level. Imagine someone gaining access to an organization’s storage system at its lowest level. It doesn’t matter if the administrator set the volume to read-only; the attack bypasses OS level security and reformats all disk (or flash) drives regardless of what is on them or how they are set up.
Another position of disk-based vendors is that they could replicate the data between two systems or to the cloud. While that extra step should make it harder for the organization to suffer data loss, this attack is evidence that bad actors go to great lengths to do damage to an organization’s systems. VFEmail’s primary AND backup servers were wiped out. They may have all been in the same location, but it seems this attacker was sophisticated enough and had the right level of access so that moving the attack to another site or into the cloud was within their capabilities.
The only protection from this type of attack is a secure off-line copy of data. The most viable candidate for that use case is tape media. The company lost 18 years’ worth of data, and even if it only performed one tape backup per year it would at least have been able to recover 17 years’ worth of data.
It is hard to estimate the cost in dollars for VFEmail, but it is relatively safe to assume that they will no longer be in business afterward. One would assume that if they were in business for 18 years that they were making, at least some, profits.
Vendors and analysts have questioned tape’s role in the backup process, relegating, at best to an archive only technology. The reality is that now more than ever, tape media should play a vital role in the data protection process, even if that role is the backup of last resort, which would have saved VFEmail their business. However, as we explain in the video below, tape can play a much more active role in backup, in addition to just being the backup of last resort.