SonicWall customers urged to patch up immediately amid new ransomware attacks

Bad Bots
(Image credit: Gonin / Shutterstock)

UPDATE:  SonicWall has issued the following statement, "Threat actors will take any opportunity to victimize organizations for malicious gain. This exploitation targets a long-known vulnerability that was patched in newer versions of firmware released in early 2021. SonicWall immediately and repeatedly contacted impacted organizations of mitigation steps and update guidance," the company told TechRadar Pro.

"Even though the footprint of impacted or unpatched devices is relatively small, SonicWall continues to strongly advise organizations to patch supported devices or decommission security appliances that are no longer supported, especially as it receives updated intelligence about emerging threats. The continued use of unpatched firmware or end-of-life devices, regardless of vendor, is an active security risk."

SonicWall has alerted a section of its users to an “imminent” ransomware campaign targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running end-of-life, unpatched firmware

The security vendor believes the malicious campaign exploits a known vulnerability that has already been patched in newer versions of the firmware for the affected devices.

“Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack,” SonicWall said in itsnotice. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window <<

Playing with fire

The notice, which focuses more on remediation steps rather than sharing information about the threat itself, does acknowledge that the advisory is the result of collaboration between SonicWall and trusted third parties, particularly Mandiant. 

Reporting on the notice, ZDNet shares that while SonicWall did not identify the ransomware group that was targeting its customers, earlier this year, cybersecurity researchers ran into a new variant of the FiveHands ransomware that was attacking SonicWall appliances.

In any case, the company is urging users still running devices with the unmaintained firmware to quickly update to the recent version. 

It’s even coming to the rescue of customers with end-of-life devices that cannot upgrade to the newer patched firmware, by providing a complimentary virtual SMA 500v instance until October 31, 2021, giving them ample time to switch to a more recent product. 

TOPICS
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Best free Linux firewalls
SonicWall tells admins to patch worrying SSLVPN flaw immediately
Representational image depecting cybersecurity protection
Hackers are breaking SonicWall products to target business networks
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall firewalls hit by worrying cyberattack
Android phone malware
Over 25 new malware variants created every single hour as smart device cyberattacks more than double in 2024
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall VPN flaw could allow hackers to hijack your sessions, so patch now
Latest in Security
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
Latest in News
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Millwall FC The Den
The UK's first football club mobile network is here - but you probably won't guess which team has launched it
The Witcher 4
You're probably not playing The Witcher 4 until 2027 at the earliest, per CD Projekt's latest financial update
Apple iPhone 16 Pro REVIEW
The iPhone 17 Air looks impressively slim in this new comparison image, but that just makes me more worried about the specs
Matt Murdock smiling in Daredevil: Born Again episode 5 and Kamala Khan looking stunned in The Marvels
Daredevil: Born Again episode 5 just revealed what Kamala Khan has been up to since The Marvels, and now I'm more excited for the next superhero team to appear in the MCU
Google Pixel Watch 3, 41mm and 45mm
Google says it will fix broken Wear OS 5.1 update, but why does this keep happening?