IT management software company SmarterTools fell victim to a ransomware attack through an unpatched instance of its SmarterMail email server.

The incident occurred on January 29 and impacted the company’s office network and a data center hosting quality control testing systems, SmarterTools’ portal, and its Hosted SmarterTrack network.

The company’s website, shopping cart, My Account portal, and other services were not affected, as they were hosted on a different network.

The point of entrance, SmarterTools CCO Derek Curtis has revealed, was a VM running an unpatched instance of the company’s SmarterMail product. Hackers compromised the mail server and moved laterally to the Windows servers they could find on the data center, compromising 12 of them.

“When we first noticed the breach, we instantly shut off all servers at the two locations and we disabled all internet until we completely evaluated all aspects of the breach and either eliminated servers and/or restored servers to be safe,” Curtis explained.

Because the hackers only targeted Windows systems, SmarterTools eliminated as many as it could and removed Active Directory services from its environment, while resetting passwords across the network.