UPDATE: SonicWall has issued the following statement, "Threat actors will take any opportunity to victimize organizations for malicious gain. This exploitation targets a long-known vulnerability that was patched in newer versions of firmware released in early 2021. SonicWall immediately and repeatedly contacted impacted organizations of mitigation steps and update guidance," the company told TechRadar Pro.
"Even though the footprint of impacted or unpatched devices is relatively small, SonicWall continues to strongly advise organizations to patch supported devices or decommission security appliances that are no longer supported, especially as it receives updated intelligence about emerging threats. The continued use of unpatched firmware or end-of-life devices, regardless of vendor, is an active security risk."
SonicWall has alerted a section of its users to an “imminent” ransomware campaign targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running end-of-life, unpatched firmware
The security vendor believes the malicious campaign exploits a known vulnerability that has already been patched in newer versions of the firmware for the affected devices.
“Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack,” SonicWall said in itsnotice.
- Here are the best ransomware protection tools
- Protect your devices with these best antivirus software
- These are the best malware removal software on the market
Playing with fire
The notice, which focuses more on remediation steps rather than sharing information about the threat itself, does acknowledge that the advisory is the result of collaboration between SonicWall and trusted third parties, particularly Mandiant.
Reporting on the notice, ZDNet shares that while SonicWall did not identify the ransomware group that was targeting its customers, earlier this year, cybersecurity researchers ran into a new variant of the FiveHands ransomware that was attacking SonicWall appliances.
In any case, the company is urging users still running devices with the unmaintained firmware to quickly update to the recent version.
It’s even coming to the rescue of customers with end-of-life devices that cannot upgrade to the newer patched firmware, by providing a complimentary virtual SMA 500v instance until October 31, 2021, giving them ample time to switch to a more recent product.
- Here’s our list of the best patch management tools and services
