15 July 2021

SonicWall warns of “imminent” ransomware campaign targeting unpatched legacy equipment


SonicWall, the US company that manufactures network security and data protection products, has released an urgent alert for its customers warning of what it calls an “imminent” ransomware campaign targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) appliances running unpatched legacy firmware.

“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials,” the warning states.

The company said attackers are targeting an old SQL injection vulnerability in SonicWall SRA that allows arbitrary SQL queries to be executed remotely in the database. The issue affects SRA appliances running any 8.x firmware or an old version of 9.x firmware (9.0.0.9-26sv or earlier) and has been fixed in recent versions of the firmware.

“If your organization is using a legacy SRA appliance that is past end-of-life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation.”

“The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk,” the advisory reads.

SonicWall said it will provide a “complimentary virtual SMA 500v until October 31, 2021” to help customers with end-of-life devices that cannot upgrade to 9.x or 10.x firmware.

“As additional mitigation, you should also immediately reset all credentials associated with your SMA or SRA device, as well as any other devices or systems using the same credentials. As always, we strongly recommend enabling multifactor authentication (MFA),” the vendor advised.
