An unidentified threat actor has managed to cause “catastrophic destruction” to the infrastructure of US email provider VFEmail by breaking into the firm’s systems and wiping customer email data going back 18 years, together with all backup copies. Since the attacker did not reach out to the company and did not leave a ransom note, the company believes the motive was to “just attack and destroy.”

The complete devastation caused by the attack has security experts questioning the disaster recovery strategy in place at VFEmail. For instance, offline ‘cold storage’ data backups could have prevented the attacker from permanently deleting all information.

Read more: Devastating Cyberattack on Email Provider Destroys 18 Years of Data