Is email on an Exchange server safe from ransomware?

Users have their Exchange mail accounts hosted with the Intermedia company, and connect with Exchange on Windows, Activesync on Mac.

If their computers are attacked by ransomware:
Will their ost/pst files be encrypted on Windows?
Will Mac files be encrypted?
Will the local copies of mail be encrypted and somehow replace the versions on the Exchange server?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Uptime Legal SystemsCommented:
You should be fine with anything on exchange (the OSTs are just caches), but local PSTs or other files could be encrypted, so if you have local archives be sure to keep them backed up.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
KimputerIT ManagerCommented:
- While PST files are not a target YET, if they're on the hard disk (not in use by Outlook), they will be in danger indeed. While mounted in Outlook, it's not possible to encrypt it (file is locked).
- Cryptoware on Mac has recently been released, so they're not that safe anymore either.
- changing emails is a technical possibility (and hence, the changes are replicated back to the Exchange server), but not the focus YET.

As ransomware makers earn enough money already, I don't think they will add more complexities to their programming (both the encryption and decryption routines, and now you suddenly have to keep track which email you have to decrypt)
David Johnson, CD, MVPRetiredCommented:
ransomware authors can simply add .pst to their list of files to encrypt if they are not already just doing a *.* encrypt. Any file that the computer/user has access to can be affected. They're starting to get quite nasty and removing shadow copies and other work arounds for retrieving files.  I guess they read just as we do.
actually surprise.exe does look for .pst files.

Email is usually used as a conduit to get the software onto your system, but it also can be a target.
The easiest way to avoid ransomware is to not click on unknown documents or links.  You should have one set of offline and/or offsite backups that you can recover from, in case you do get hit by ransomware.  That way you can at least recover some of your data in case they encrypt your online, networked backup files too.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.