A web hosting provider in the Netherlands suffered a catastrophic outage on all its services on Sunday 11 June after most of its servers were wiped, allegedly by an ex-employee.
Verelox, based in the Hague, is a provider of dedicated Linux kernel-based virtual machine (KVM) and virtual private servers. According to posts made by the company on several public web hosting forums (first spotted by Bleeping Computer), the company's services have completely gone down and its users are currently unable to access their servers.
"First of all, we want to offer our apologies for any inconvenience. Unfortunately, an ex-administrator has deleted all customer data and wiped most servers. Because of this, we took the necessary steps to temporarily take our network offline," says the message, which has replaced Verelox's usual website homepage.
A huge catastrophe only narrowly averted
On Sunday, the company initially feared the worst, stating in forum posts and on the website, "We have been working hard to recover the data but this was not possible for all data that was lost."
This could have been the death knell for Verelox, but thankfully 24 hours later the firm says that it did not lose any important data, and all its cloud nodes located in the Netherlands, Canada, France and the US are back online.
"Our network and hosting services will be back this week with security updates. Current customers who are still interested in our services will receive compensation for their services. If clients have important data please contact us at firstname.lastname@example.org. We will try our best with our technical team to recover your data," the firm confirmed on its website.
Verelox is advising that all customers change their server passwords immediately. All of the virtual machines have been uploaded to a new server and a new control panel and website will soon be available. The firm is continuing to work on solutions to IPv6 server issues.
Employee sabotage is becoming a rising trend
While the intent of the ex-administrator has not been established in this situation, the Verelox incident is just the latest in an increasingly worrying trend whereby disgruntled employees that have left an organisation can easily sabotage its operations by bringing down computer networks.
In April, Allegro Microsystems in the US sued ex-IT administrator Nimesh Patel for allegedly installing "time bomb" malware that went off just after the start of the new financial year to deliberately sabotage financial data so that his former employer would not be able to complete its year-end audit.
And recently, a DevOps software engineer working for international securities firm KCG Holdings was caught stealing proprietary source code from the company's trading platform, and sending it quietly to his own server.