Mail2World Ransomware – Buckeye Broadband Outage Update

Mail2World Ransomware – Buckeye Broadband Outage Update

Today, this is going to be an update to the Buckeye cable company, the Buckeye Broadband ransomware attack or mail outage, where their customers' email were down due to ransomware. At the time, there was no knowledge of who their host was and that news surfaced before it was really known. Now, people know who the host is, and it's affecting a lot more than just Buckeye Broadband customers. Let's talk about this, who the web host is, what's going on and how many customers this could potentially be impacting with mail outages, so let's jump into it.

As you know, customers who subscribe to their email service or use, it was bex.net as their email extension. Unfortunately, their email's been down for a while now, almost a week. Also, it’s basically because they outsource this email service to another company and that company's name is Mail2World and they are actually under a ransomware attack.

The interesting thing is that there’s not a lot of information out about this and it's a pretty big deal. It happened on January 12th and they thought they were going to have everything restored by January 13th. Fast forward to now January 17th and they still don't have the email services back up and running. This is the company Mail2World, they were founded in the year 2000 and they support email hosting services for companies across the United States and millions of mailboxes globally.

So, we have millions of people who don't have their email right now, don't have access to it. In the case of Buckeye Broadband, they were using Buckeye Broadband's email service to operate their email for their business and they didn’t have access to it for four days. It's now going on seven days now for them since they've reached out.

This Mail2 host is a large, established email provider. They have security experts and systems in place and are working with government authorities to resolve this situation as soon as possible. They are under a ransomware attack and the biggest thing is, is that they are telling all their customers that, "No data has been stolen." Don’t know how they really know this. Actually, it’s too early to tell. It's too early to tell if data has really been stolen, if these guys were able to take these databases or customer emails.

Maybe it was too much. Maybe they just decided to encrypt the system and take the systems down knowing that they'll get paid because the email isn't working. But the reality of it is, is that ransomware got onto the email servers of this company, which is basically the operations of this company. Let’s take a look at Colonial Pipeline quickly. They were attacked, but it didn't attack the systems that delivered the oil or that were responsible for moving the oil from point A to point B so the impact wasn't as great.

If you look at this attack or you look at maybe the Kronos attack as a more recent attack, where this actually impacted the services that they use, the operations of their business. These tend to stay down a lot longer than a normal ransomware attack where it doesn't affect operations. Why that is, there's a lot of different reasons. Right?

At the end of the day, they were able to encrypt at least the operational functions of their business. Whether or not they were able to off-lift the databases in the areas of the systems that hold the emails for all the customers, that's unknown yet. To guess it would be that's a lot of data, so they probably made just a judgment call or business call to say, "Hey, it's not worth it for us to offload this. If we interrupt the service that they make money off of, that's good enough leverage for us to get paid here."

That might be what happened or we might find out that they have a treasure trove of emails of customers for this Mail2World company that serves millions of people a mailbox. It's going to be really hard to tell to know, other than the fact that you can't get your email right now. It's really going to be hard to tell to know who your ISP might be using behind the scenes for email.

In a lot of cases, it's Office 365 or Microsoft. Smaller companies can outsource it to other places like Mail2World and these things can happen. These are the supply-chain types of attacks that take down one business, but have ripple effects that hurt many other people and businesses along the way.

That's where we're at today and wanted to update everybody. The Buckeye Broadband email outage is related to a ransomware attack on Mail2World and today is January 17th, 2022 and they've been down for about five days now. They thought they'd get back up in one day and they're not back up and running. Let us know if you're a Mail2World customer or you're a customer of somebody who uses Mail2World who cannot get their email, and are out of luck today and are hoping that their email gets restored as soon as possible.