Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server
Summary
SmarterTools confirmed a breach of their network by the Warlock ransomware group (aka Storm-2603) on January 29, 2026. The breach occurred due to an unpatched SmarterMail instance. Approximately 30 servers/VMs were impacted.
IFF Assessment
The breach of SmarterTools via ransomware is bad news for defenders as it highlights the risk of unpatched software.
Severity
Defender Context
This incident underscores the critical importance of timely patching and maintaining up-to-date software versions to prevent ransomware attacks. Defenders should prioritize vulnerability management and implement robust monitoring and alerting systems to detect and respond to suspicious activity. The increasing targeting of widely-used software like SmarterMail makes these types of attacks a significant threat.