SonicWall appliances targeted by ransomware

This is the second time this year that SonicWall has alerted its customers to vulnerabilities that can be exploited by hackers. The OEM this week warned of an “imminent” ransomware campaign targeting its older Secure Mobile Access (SMA) and Secure Remote Access (SRA) products and advised customers to update their firmware or disconnect their devices immediately. devices and change all associated passwords. SRA 4600/1600 (EoL 2019), SRA 4200/1200 (EoL 2016) and SSL-VPN 200/2000/400 (EoL 2013/2014) appliances are affected. “Companies that do not take appropriate steps to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack,” the security alert reads. Recall that the SMA 100 series appliances are access management gateways that allow small and medium-sized businesses to provide remote employees with browser-based and VPN-based access to internal corporate resources, or even to hybrid resources hosted in the cloud.

Mandiant threat researchers, who also discovered the SolarWinds breach in December, alerted SonicWall that cybercriminals using stolen credentials were targeting SMA 100 and SRA products running unpatched 8.x firmware and eventually of life. This is a known vulnerability that SonicWall has fixed in the latest versions of its firmware. “Affected end-of-life devices with firmware 8.x have exceeded temporary mitigations,” the alert reads. “Continued use of this firmware or end-of-life devices constitutes an active security risk.” However, the vendor said it will provide a free virtual 500v SMA until October 31 for customers whose end-of-life devices cannot be upgraded to 9.x or 10.x firmware. This should give those customers “ample time to transition to a product that is actively maintained,” he added.

The SMA 1000 series preserved

For SRA series products with active support (210/410/500v), the OEM advises customers using firmware 9.x to immediately update to version 9.0.0.10-28sv or later. For SRA customers using firmware 10.x, SonicWall has advised that they should immediately update to 10.2.0.7-34sv or later. Finally, note that the products of the SMA 1000 series are not affected by the vulnerability.