Security News > 2021 > July > SonicWall warns of 'critical' ransomware risk to EOL SMA 100 VPN appliances
SonicWall has issued an "Urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life Secure Mobile Access 100 series and Secure Remote Access products.
"Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access 100 series and Secure Remote Access products running unpatched and end-of-life 8.x firmware in an imminent ransomware campaign using stolen credentials," the company said.
"Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack," SonicWall warns.
Companies still using EoL SMA and/or SRA devices with 8.x firmware are urged to update the firmware immediately or disconnect the appliances as soon as possible to fend off the critical risk of ransomware attacks.
"Even though the footprint of impacted or unpatched devices is relatively small, SonicWall continues to strongly advise organizations to patch supported devices or decommission security appliances that are no longer supported, especially as it receives updated intelligence about emerging threats. The continued use of unpatched firmware or end-of-life devices, regardless of vendor, is an active security risk." - SonicWall.
In April, threat actors also exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy a new ransomware strain known as FiveHands on the networks of North American and European targets.
News URL
Related news
- Over 25,000 SonicWall VPN Firewalls exposed to critical flaws (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Helldown ransomware exploits Zyxel VPN flaw to breach networks (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Ransomware payments are now a critical business decision (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)