Is email on an Exchange server safe from ransomware?

computerlarry
Users have their Exchange mail accounts hosted with the Intermedia company, and connect with Exchange on Windows, ActiveSync on Mac.

If their computers are attacked by ransomware:
Will their ost/pst files be encrypted on Windows?
Will Mac files be encrypted?
Will the local copies of mail be encrypted and somehow replace the versions on the Exchange server?

Thanks
You should be fine with anything on Exchange (the OSTs are just caches), but local PSTs or other files could be encrypted, so if you have local archives be sure to keep them backed up.
Commented:
- While PST files are not a target YET, if they're on the hard disk (not in use by Outlook), they will be in danger indeed. While mounted in Outlook, it's not possible to encrypt it (file is locked).
- Cryptoware on Mac has recently been released, so they're not that safe anymore either.
- Changing emails is a technical possibility (and hence, the changes are replicated back to the Exchange server), but not the focus YET.

As ransomware makers earn enough money already, I don't think they will add more complexities to their programming (both the encryption and decryption routines, and now you suddenly have to keep track of which email you have to decrypt).
Top Expert 2016
Commented:
Ransomware authors can simply add .pst to their list of files to encrypt if they are not already just doing a *.* encrypt. Any file that the computer/user has access to can be affected. They're starting to get quite nasty and removing shadow copies and other workarounds for retrieving files. I guess they read http://www.bleepingcomputer.com just as we do.
Actually, surprise.exe does look for .pst files.

Email is usually used as a conduit to get the software onto your system, but it also can be a target.
The easiest way to avoid ransomware is to not click on unknown documents or links. You should have one set of offline and/or offsite backups that you can recover from, in case you do get hit by ransomware. That way you can at least recover some of your data in case they encrypt your online, networked backup files too.
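
The backup advice in the answers above (OSTs are server-backed caches, local PSTs exist only on disk) as an added example, not code from any of the posters: a Python audit that reports, for each local mail store, whether a matching copy exists in a mounted backup directory. The directory layout, status names and sample files are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

SERVER_CACHE = {".ost"}   # Exchange cache: can be rebuilt from the server mailbox
LOCAL_ONLY = {".pst"}     # local archive: exists only on this disk unless backed up
def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def audit_mail_stores(profile_dir, backup_dir):
    """Map each .ost/.pst under profile_dir to a backup status string."""
    profile_dir, backup_dir = Path(profile_dir), Path(backup_dir)
    report = {}
    for src in sorted(profile_dir.rglob("*")):
        ext = src.suffix.lower()
        if not src.is_file() or ext not in SERVER_CACHE | LOCAL_ONLY:
            continue
        rel = src.relative_to(profile_dir)
        copy = backup_dir / rel
        if ext in SERVER_CACHE:
            status = "cache"
        elif not copy.is_file():
            status = "no-backup"
        else:
            try:
                status = "backed-up" if sha256(src) == sha256(copy) else "backup-differs"
            except OSError:  # e.g. a PST mounted in Outlook is locked on Windows
                status = "unreadable"
        report[rel.as_posix()] = status
    return report

def build_sample(root):
    """Constructed sample tree: one cache file, three archives in different states."""
    files = {"live/Outlook/user.ost": b"cache", "live/Outlook/old-mail.PST": b"2014",
             "live/Archive/projects.pst": b"v2", "backup/Archive/projects.pst": b"v1",
             "live/Archive/hr.pst": b"hr", "backup/Archive/hr.pst": b"hr"}
    for name, data in files.items():
        path = Path(root) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return Path(root) / "live", Path(root) / "backup"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_mail_stores(*build_sample(tmp)))
```

A `backup-differs` result means either the backup is stale or the live file has changed since it was taken, so it needs a look before the next backup run overwrites the older copy.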
