SmarterTools Recovers from Ransomware, Shifts to Linux
11 Feb
Summary
- Unpatched server vulnerability led to ransomware attack.
- SmarterTools ditched Windows servers and Active Directory.
- No business applications or account data were compromised.

SmarterTools, a software company, has confirmed it was the target of a ransomware attack. The incident was attributed to an unpatched vulnerability in a SmarterMail server, specifically CVE-2026-23760, which allowed an attacker to bypass authentication and obtain full administrator privileges. This vulnerability was present in versions prior to Build 9518.
The company's Chief Commercial Officer, Derek Curtis, stated that a single overlooked virtual machine that was not being updated was the entry point. This led to a breach affecting the office network and a data center. The Warlock ransomware gang is suspected to be behind the attack.
In response, SmarterTools has taken decisive action to prevent recurrence. The company has migrated away from Windows servers and has discontinued the use of Active Directory services, which were exploited for lateral movement within the network. It emphasized that its website, shopping cart, and other critical services remained operational throughout the incident.




