SonicWall warns of 'imminent' ransomware campaign against some devices

SonicWall has issued an immediate warning of "imminent" ransomware to users of its Secure Mobile Access (SMA) and Secure Remote Access (SRA) products.

“Through collaborations with trusted third parties, SonicWall has been actively exposed to threats targeting the Secure Mobile Access (SMA) 100 Series and Secure Remote Access (SRA) products that are unpatched and end-of-the-way.” There are boxes." Life (EOL) 8.x firmware using stolen credentials in an impending ransomware campaign,” the company said on Wednesday. "The exploit targets a known vulnerability that has been patched in newer versions of the firmware."

End-of-life devices with 8.x firmware cannot be decompressed. "Continuous use of this firmware or end-of-life devices is an active security risk," the alert said. To provide a transition path for customers with end-of-life devices that cannot upgrade to 9.x or 10.x firmware, SonicWall is offering a complimentary virtual SMA 500v until October 31.

The company stressed that the notice is specifically for the SMA 100 and the older SRA series (reference lists for current SMA products and end-of-life products). SMA 1000 Series products are not affected by this notice.

IT departments with SRA and/or SMA100 series with 9.x and 10.x firmware should continue to follow best practices such as updating to the latest available SMA firmware or updating to the latest SRA firmware and enabling multifactor authentication.

Organizations that fail to take appropriate action to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a ransomware attack, the notice reiterated.

Update: In a statement the company said that this exploit targets a long-known vulnerability that was patched in new versions of the firmware released in early 2021. "SonicWall immediately and repeatedly contacted affected organizations of mitigation steps and updated guidance.

“Even though the footprint of affected or unpatched devices is relatively small, SonicWall advises organizations to patch supported devices or disable security devices that are no longer supported, especially when updated intelligence about emerging threats It's up." Regardless of vendor, continued use of unpatched firmware or end-of-life devices is an active security risk.

Organizations using the following end-of-life SMA and/or SRA devices running Firmware 8.x should either update their firmware or disconnect their devices:

SRA 4600/1600 (EOL 2019)

disconnect immediately

password reset

SRA 4200/1200 (EOL 2016)

disconnect immediately

password reset

SSL-VPN 200/2000/400 (EOL 2013/2014)

disconnect immediately

password reset

SMA 400/200 (still supported, in limited retirement mode)

10.2.0.7-34 or 9.0.0.10 . update immediately

password reset

Enable MFA

While not part of this campaign targeting SRA/SMA Firmware 8.x, customers with the following products should also ensure they are on the latest version of the firmware to mitigate other vulnerabilities discovered in early 2021 .

SMA 210/410/500V (Actively Supported)

Firmware 9.x should immediately update to 9.0.10-28sv or later

Firmware 10.x should immediately update to 10.2.0.7-34sv or later

This is not the first recent warning by the company of a problem with SMA 100 devices. In January it confirmed a critical zero-day vulnerability in SMA 100 series devices running firmware with version 10.x code.