SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaing” targeting EOL equipment.
SonicWall has issued an urgent security alert to warn companies of “an imminent ransomware campaing” targeting some of its equipment that reached end-of-life (EoL).
Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families.
“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials.” reads the alert published by the company. “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”
The company states that organizations that fail to address known vulnerabilities in the firmware of SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack.
The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible.
“If your org If your organization is using a legacy SRA appliance that is past end-of life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation.” continues the alert.
SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported.
“The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk,” states the alert.
Below the recommendations provided by the company:
- SRA 4600/1600 (EOL 2019)
- Disconnect immediately
- Reset passwords
- SRA 4200/1200 (EOL 2016)
- Disconnect immediately
- Reset passwords
- SSL-VPN 200/2000/400 (EOL 2013/2014)
- Disconnect immediately
- Reset passwords
- SMA 400/200 (Still Supported, in Limited Retirement Mode)
- Update to 10.2.0.7-34 or 9.0.0.10 immediately
- Reset passwords
- Enable MFA
SonicWall also urges customers using actively supported SMA 210/410/500v devices to update their devices to 9.x or 10.x firmware versions.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, SonicWall)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaing” targeting EOL equipment.
SonicWall has issued an urgent security alert to warn companies of “an imminent ransomware campaing” targeting some of its equipment that reached end-of-life (EoL).
Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families.
“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials.” reads the alert published by the company. “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”
The company states that organizations that fail to address known vulnerabilities in the firmware of SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack.
The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible.
“If your org If your organization is using a legacy SRA appliance that is past end-of life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation.” continues the alert.
SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported.
“The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk,” states the alert.
Below the recommendations provided by the company:
- SRA 4600/1600 (EOL 2019)
- Disconnect immediately
- Reset passwords
- SRA 4200/1200 (EOL 2016)
- Disconnect immediately
- Reset passwords
- SSL-VPN 200/2000/400 (EOL 2013/2014)
- Disconnect immediately
- Reset passwords
- SMA 400/200 (Still Supported, in Limited Retirement Mode)
- Update to 10.2.0.7-34 or 9.0.0.10 immediately
- Reset passwords
- Enable MFA
SonicWall also urges customers using actively supported SMA 210/410/500v devices to update their devices to 9.x or 10.x firmware versions.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, SonicWall)