SonicWall Warns of Ransomware Campaign Against Products with Outdated Firmware

SonicWall and the ransomware campaign
Written by Emma Davis

Networking equipment company SonicWall has issued an urgent warning to its customers, announcing an “imminent ransomware campaign” that will target products that have already been discontinued support.

The company warns that cybercriminals are targeting a certain vulnerability, which has been fixed in the latest firmware versions, but it is not specified which vulnerability is in question, and the CVE identifier is also not specified. Instead, SonicWall encourages customers to update their device firmware as soon as possible if newer versions are available.

Through collaboration with trusted third parties, SonicWall has become aware of hackers targeting imminent ransomware campaigns using stolen credentials at Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running firmware 8.x support has already been terminated completely.the statement says.

If customers are unable to upgrade directly now, SonicWall recommends immediately disconnecting devices, resetting passwords, and enabling multi-factor authentication if supported.

If your organization has an outdated SRA device that has expired and cannot be upgraded to version 9.x, its continued use could lead to ransomware exploitation.says SonicWall.

That is, no temporary measures can be applied to outdated devices with firmware 8.x on board. Continued use of such a firmware or device “poses an active security threat,” according to the company.

Based on what type of equipment customers are using, SonicWall makes the following recommendations.

  • SRA 4600/1600 (discontinued in 2019):
    • disable immediately;
    • reset passwords.
  • SRA 4200/1200 (discontinued 2016)
    • disable immediately;
    • reset passwords.
  • SSL-VPN 200/2000/400 (discontinued in 2013, 2014)
    • disable immediately;
    • reset passwords.
  • SMA 400/200 (still supported in limited decommissioning mode)
    • immediately upgrade to 10.2.0.7-34 or 9.0.0.10;
    • reset passwords;
    • enable multi-factor authentication.

Also, the developers warned the owners of SMA 210/410/500v devices, who are still supported, that they also need to update the firmware to versions 9.x or 10.x and in no case use the old firmware 8.x, as they may also be exposed to extortionate attack.

Let me remind you that we also talked about the fact that Dangerous vulnerability in SonicWall products was not fully fixed.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.