Warlock Ransomware Group Compromises SmarterTools Network

The Warlock ransomware group (also known as Storm-2603) has compromised the network of SmarterTools by exploiting an unpatched instance of SmarterMail. The incident occurred on January 29, 2026, when a mail server that was not updated to the latest version was compromised, according to Derek Curtis, the Chief Commercial Officer of the company. Before the breach, SmarterTools had approximately 30 servers/VMs.