Is email on an Exchange server safe from ransomware?
Users have their Exchange mail accounts hosted with the Intermedia company, and connect with Exchange on Windows, Activesync on Mac.
If their computers are attacked by ransomware:
Thanks
If their computers are attacked by ransomware:
Will their ost/pst files be encrypted on Windows?
Will Mac files be encrypted?
Will the local copies of mail be encrypted and somehow replace the versions on the Exchange server?
Will Mac files be encrypted?
Will the local copies of mail be encrypted and somehow replace the versions on the Exchange server?
Thanks
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You should be fine with anything on exchange (the OSTs are just caches), but local PSTs or other files could be encrypted, so if you have local archives be sure to keep them backed up.
- While PST files are not a target YET, if they're on the hard disk (not in use by Outlook), they will be in danger indeed. While mounted in Outlook, it's not possible to encrypt it (file is locked).
- Cryptoware on Mac has recently been released, so they're not that safe anymore either.
- changing emails is a technical possibility (and hence, the changes are replicated back to the Exchange server), but not the focus YET.
As ransomware makers earn enough money already, I don't think they will add more complexities to their programming (both the encryption and decryption routines, and now you suddenly have to keep track which email you have to decrypt)
- Cryptoware on Mac has recently been released, so they're not that safe anymore either.
- changing emails is a technical possibility (and hence, the changes are replicated back to the Exchange server), but not the focus YET.
As ransomware makers earn enough money already, I don't think they will add more complexities to their programming (both the encryption and decryption routines, and now you suddenly have to keep track which email you have to decrypt)
ransomware authors can simply add .pst to their list of files to encrypt if they are not already just doing a *.* encrypt. Any file that the computer/user has access to can be affected. They're starting to get quite nasty and removing shadow copies and other work arounds for retrieving files. I guess they read http://www.bleepingcomputer.com just as we do.
actually surprise.exe does look for .pst files.
Email is usually used as a conduit to get the software onto your system, but it also can be a target.
actually surprise.exe does look for .pst files.
Email is usually used as a conduit to get the software onto your system, but it also can be a target.
The easiest way to avoid ransomware is to not click on unknown documents or links. You should have one set of offline and/or offsite backups that you can recover from, in case you do get hit by ransomware. That way you can at least recover some of your data in case they encrypt your online, networked backup files too.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial