Networking equipment company SonicWall has issued an urgent warning to its customers, announcing an “imminent ransomware campaign” that will target products that are no longer supported.
The company warns that cybercriminals are targeting a certain vulnerability that has been fixed in the latest firmware versions, but neither the vulnerability nor its CVE identifier is specified. Instead, SonicWall encourages customers to update their device firmware as soon as possible if newer versions are available. If customers are unable to upgrade right away, SonicWall recommends immediately disconnecting devices, resetting passwords, and enabling multi-factor authentication if supported.
In other words, no temporary mitigations can be applied to outdated devices running firmware 8.x. Continued use of such firmware or devices “poses an active security threat,” according to the company.
Depending on the type of equipment customers are using, SonicWall makes the following recommendations.
- SRA 4600/1600 (discontinued in 2019):
  - disable immediately;
  - reset passwords.
- SRA 4200/1200 (discontinued in 2016):
  - disable immediately;
  - reset passwords.
- SSL-VPN 200/2000/400 (discontinued in 2013, 2014):
  - disable immediately;
  - reset passwords.
- SMA 400/200 (still supported in limited decommissioning mode):
  - immediately upgrade to 10.2.0.7-34 or 9.0.0.10;
  - reset passwords;
  - enable multi-factor authentication.
The developers also warned owners of SMA 210/410/500v devices, which are still supported, that they too need to update the firmware to versions 9.x or 10.x and must under no circumstances keep using the old 8.x firmware, as they may also be exposed to extortion attacks.
Let me remind you that we also reported that a dangerous vulnerability in SonicWall products was not fully fixed.