Security News > 2021 > July > SonicWall warns of 'critical' ransomware risk to SMA 100 VPN appliances

SonicWall has issued an "Urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life Secure Mobile Access 100 series and Secure Remote Access products.

"Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access 100 series and Secure Remote Access products running unpatched and end-of-life 8.x firmware in an imminent ransomware campaign using stolen credentials," the company said.

"Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack," SonicWall warns.

Companies still using EoL SMA and/or SRA devices with 8.x firmware are urged to update the firmware immediately or disconnect the appliances as soon as possible to fend off the critical risk of ransomware attacks.

In April, threat actors also exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy a new ransomware strain known as FiveHands on the networks of North American and European targets.

This threat group, tracked by Mandiant as UNC2447, exploited the CVE-2021-20016 SonicWall vulnerability to breach systems and deliver FiveHands ransomware payloads before SonicWall released patches in late February 2021.

News URL

https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-ransomware-risk-to-sma-100-vpn-appliances/