Critical Ransomware Risk Warning from SonicWall

SonicWall has released an “urgent security notice” highlighting a critical risk of imminent ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.

“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials,” the company said.

SonicWall has said that the attacks target a known vulnerability patched in newer versions of firmware, and they do not impact SMA 1000 series products.

“Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack,” SonicWall warns.

Either disconnect or update affected devices

Businesses still utilizing EoL SMA and/or SRA devices with 8.x firmware are urged to update the firmware immediately or disconnect the appliances as soon as possible to fend off the critical risk of ransomware attacks.

Customers using actively supported SMA 210/410/500v devices with the vulnerable 8.x firmware targeted in these attacks are also advised to immediately update to the latest version, which mitigates vulnerabilities discovered in early 2021.

“As additional mitigation, you should also immediately reset all credentials associated with your SMA or SRA device, as well as any other devices or systems using the same credentials,” SonicWall adds. “As always, we strongly recommend enabling multifactor authentication (MFA).”

Depending on the product in use, SonicWall recommends that organizations take the following actions:

  • SRA 4600/1600 (EOL 2019): Disconnect immediately; reset passwords
  • SRA 4200/1200 (EOL 2016): Disconnect immediately; reset passwords
  • SSL-VPN 200/2000/400 (EOL 2013/2014): Disconnect immediately; reset passwords
  • SMA 400/200 (Still Supported, in Limited Retirement Mode): Update to or immediately; reset passwords; enable MFA