Last updated 1 week ago
On January 29, 2026, the Warlock ransomware gang (also tracked as Storm-2603) breached SmarterTools' network by exploiting an unpatched instance of the company's SmarterMail email server software. The company's Chief Commercial Officer, Derek Curtis, confirmed the incident, stating that the compromised server had not been updated to the latest version. The breach led to the encryption of approximately 30 servers and virtual machines. SmarterTools publicly disclosed the incident on February 8, 2026, after containing the attack and initiating recovery procedures. The company emphasized that no customer data was exfiltrated, though operational disruption occurred due to the ransomware encryption.
Exploitation of an unpatched SmarterMail server instance
Failure to apply security patches promptly on internet-facing servers (specifically the SmarterMail instance) allowed the initial compromise. Recommendations include implementing a rigorous patch management program with defined SLAs for critical systems, enhancing network segmentation to limit lateral movement, and deploying endpoint detection and response (EDR) solutions to identify and contain ransomware activity earlier.