Ransomware attack targeting unpatched EOL SonicWall SMA 100 VPN appliance

July 17, 2021

Networking equipment maker SonicWall is alerting customers for an imminent ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware.

The SonicWall giving the warning more than a month after reports the remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481). This vulnerability can be exploited as an initial access vector for ransomware attacks to breach corporate networks worldwide.

According to SonicWall, the attacks target a known vulnerability patched in newer versions of firmware, and they do not impact SMA 1000 series products.

Impact of SRA:-

The impacts of a ransomware attack to your company could include the following: temporary, and possibly permanent, loss of your company’s data possibly a complete shutdown of your company’s operations. financial loss as a result of revenue generating operations being shut down.

Remote access solutions could leave you vulnerable. If you don’t have proper security solutions in place, remote connections could act as a gateway for cybercriminals to access your devices and data. Hackers could use remote desktop protocol (RDP) to remotely access.

Recommendations:-

Organizations using the SMA and/or SRA devices running firmware 8.x should either update their firmware or disconnect their appliances.

SRA 4600/1600 (EOL 2019)
- Disconnect immediately
- Reset passwords
SRA 4200/1200 (EOL 2016)
- Disconnect immediately

Reset passwords

SSL-VPN 200/2000/400 (EOL 2013/2014)
- Disconnect immediately
- Reset passwords
SMA 400/200 (Still Supported, in Limited Retirement Mode)
- Update to 2.0.7-34 or 9.0.0.10 immediately
- Reset passwords
- Enable MFA

And those who are not using firmware 8.x they can will also update latest version of firmware to mitigate vulnerabilities discovered in early 2021

SMA 210/410/500v (Actively Supported)
- Firmware x should immediately update to 9.0.0.10-28sv or later
- Firmware x should immediately update to 10.2.0.7-34sv or later

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ransomware attack targeting unpatched EOL SonicWall SMA 100 VPN appliance

Impact of SRA:-

Recommendations:-

Security Team

Related Posts

North Korean Threat Actors Exploit Python Packages to Deliver PondRAT Malware

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

GitLab Patches Critical SAML Authentication Bypass Vulnerability

Our Offices

Corporate Office (HO):

UK Office:

Registered Office (Delhi):

Noida Office:

Phone:

Email

Click To Download

Download CyberSRC Services & Portfolio & Datasheets

Download Case Studies

Download Company Brochure