SonicWall has issued a warning about a series of ransomware attacks that are targeting unpatched End-of-Life (EoL) Security Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices. Users are urged to update the firmware of EoL SMA and/or SRA devices immediately to prevent them from getting infected with ransomware.
In collaboration with trusted third parties, SonicWall has detected an imminent ransomware campaign targeting its unpatched end-of-life products:
“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials,” the company said.
The attacks are focused on a known vulnerability that has been already patched in the newer versions of firmware. They do not affect the latest models of SonicWall’s products.
SonicWall warned that the critical vulnerabilities in EoL SMA and/or SRA devices with 8.x firmware must be patched, otherwise organizations are risking a targeted ransomware attack:
“Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack,” SonicWall warned.
Customers using actively supported SMA 210/410/500v products are advised to update their firmware v. 8.x immediately as well, to avoid exploitation.
“As additional mitigation, you should also immediately reset all credentials associated with your SMA or SRA device, as well as any other devices or systems using the same credentials,” SonicWall added. “As always, we strongly recommend enabling multifactor authentication (MFA).”
In April, attackers exploited a zero-day flaw in SonicWall’s SMA 100 Series VPN devices to deploy a new ransomware strain FiveHands in North American and Europe. This threat group (UNC2447) exploited the SonicWall vulnerability to gain unauthorized access to systems and encrypto them with FiveHands before SonicWall managed to release patches in late February 2021.