1

Does email syncing using MS Exchange work in a similar way to Dropbox, such that a change made on the local drive automatically syncs with the cloud version of that file? Or is it one-way only, from the cloud to the local drive?

So, for example, I have an OST file on my local drive which is synced to the cloud using MS Exchange. The OST file on the LOCAL drive gets encrypted by WannaCrypt. Will the email stored in the cloud also become encrypted? If yes, is it possible to roll back to previous unencrypted versions of those emails?

Anders
  • You mean local emails being encrypted, and then Exchange somehow knowing that the files are emails and syncing them? No program would know that the emails were emails in order to sync or to accept them as emails. – schroeder May 18 '17 at 08:12
  • Your edit doesn't counter my comment above. Your encrypted OST file is no longer an OST file ... – schroeder May 18 '17 at 08:28

2 Answers

0

It seems very unlikely that Exchange would be able to communicate with a corrupted system.

It is hard enough to get it to work correctly under ideal conditions.

SDsolar
  • How do you decrypt the files if the system does not work? A required element for it to be 'ransom' is that the system still works .... – schroeder May 18 '17 at 08:32
0

MS Exchange does not synchronise OST files between workstations and the server. Microsoft Outlook does the job, and it synchronises the content, not the file itself.

If the OST file gets encrypted, Microsoft Outlook will fail to open it and no synchronisation would occur anyway.

techraf
  • If the particular ransomware actually supports reading/writing the OST file format, it can rewrite the emails in the file and produce a still-valid OST where every email is encrypted. It might then be able to set the email metadata in a way that tells Outlook that it later needs to sync the email to the server. It's a bit of a far-fetched scenario though, as supporting a file format like that isn't an easy job while the best strength of ransomware is its simplicity, but it's not impossible. – Lie Ryan May 19 '17 at 12:08
  • I tried to research, but got distracted and later forgot. From common sense: OST is not required for Outlook to function properly, it's just a local cache. So all actions that Outlook performs (sending, deletion, etc.) do not go through OST at all; and I see no single reason for Outlook to push data from local caches for other purposes. – techraf May 19 '17 at 12:16
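
The point made in the answer above, that a file-level encrypted OST is no longer something Outlook can open, can be checked from the file's first bytes. This is an added example, not part of the original thread: it assumes the 4-byte `!BDN` header signature from Microsoft's published MS-PST format documentation, and the function names, the 7.5 bits/byte threshold and the sample data are this example's own.

```python
import hashlib
import math
from collections import Counter

# dwMagic: first 4 bytes of a PST/OST header (assumption: per MS-PST docs).
OST_MAGIC = b"!BDN"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, lower for structured data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify_ost(blob: bytes, sample: int = 4096, threshold: float = 7.5) -> str:
    """Classify the leading bytes of a file that is expected to be an OST."""
    head = blob[:sample]
    if head[:4] == OST_MAGIC:
        return "valid-signature"      # header intact; Outlook can attempt to open it
    # Entropy estimates are unreliable on short inputs, so require 1 KiB.
    if len(head) >= 1024 and shannon_entropy(head) >= threshold:
        return "likely-encrypted"     # signature gone and content looks random
    return "not-ost"                  # signature gone, but not ciphertext-like


def constructed_samples() -> dict:
    """Constructed inputs standing in for the first 4 KiB of three files."""
    pseudo_random = b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
    )
    return {
        "healthy": OST_MAGIC + bytes(4092),
        "encrypted": pseudo_random,
        "text": b"not a mailbox file\n" * 200,
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:10s} {classify_ost(blob)}")
```

On a real workstation, pass the first few KiB read from the `.ost` file to `classify_ost`; a `likely-encrypted` result means the local cache should be discarded and rebuilt from the server copy.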