- SmarterTools affected by Warlock ransomware exploiting CVE-2026-23760 in SmarterMail
- The breach affected the office network and data center, but business applications and account data remained secure
- The company patched a vulnerability, abandoned Windows servers and removed Active Directory to prevent a recurrence
US software company SmarterTools confirmed it was hit with ransomware, but said the attack did not affect its business applications or account data.
In a data breach notification posted on the company’s website, Chief Business Officer Derek Curtis said the company failed to update a server, which was later compromised due to a known vulnerability.
“Prior to the breach, we had approximately 30 servers/VMs with SmarterMail installed across our network. Unfortunately, we were unaware that one VM, configured by an employee, was not being updated. As a result, that mail server was compromised, leading to the breach,” Curtis explained.
Linux and Windows
The vulnerability in question, according to BleepingComputer, is CVE-2026-23760, an authentication bypass flaw in SmarterMail before build 9518 that allows resetting administrator passwords and gaining full privileges.
Curtis also said SmarterTools isolates its networks in the event of a breach, which allowed its website, shopping cart, My Account portal and other services to remain online while the issue was fixed. “None of our business applications or account data was affected or compromised,” he added.
It was further explained that the office network and a data center where most of the quality control work is done were affected.
CyberInsider said the breach was attributed to the Warlock ransomware gang, reportedly known for attacking Microsoft-based infrastructure. The group appears to have attacked SmarterTools with a Windows-based encryptor, while most of the company's infrastructure was on Linux.
“Because we are now primarily a Linux company, only about 12 Windows servers appeared to be compromised, and on those servers, our virus scanners blocked most of the efforts,” Curtis also said. “None of the Linux servers were affected.”
To prevent a recurrence, SmarterTools abandoned Windows wherever it could and no longer uses Active Directory services (which the criminals used to move laterally across the network).
Those of you running SmarterTools and worried about being next should make sure to update to build 9518 (January 15) to fix the vulnerability. Build 9526, released on January 22, complements the fixes with additional improvements.
Via BleepingComputer