Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances (Security News, July 2021)

Networking equipment maker SonicWall is alerting customers to an "imminent" ransomware campaign targeting its Secure Mobile Access 100 series and Secure Remote Access products running unpatched and end-of-life 8.x firmware.
The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances are being exploited as an initial access vector for ransomware attacks to breach corporate networks worldwide.
"SonicWall has been made aware of threat actors actively targeting Secure Mobile Access 100 series and Secure Remote Access products running unpatched and end-of-life 8.x firmware in an imminent ransomware campaign using stolen credentials," the company said.
SMA 1000 series products are not affected by the flaw, SonicWall noted, urging businesses to take immediate action by either updating their firmware wherever applicable, turning on multi-factor authentication, or disconnecting the appliances that are past end-of-life status and cannot be updated to 9.x firmware.
As additional mitigation, SonicWall is also recommending customers reset all passwords associated with the SMA or SRA device, as well as any other devices or systems that may be using the same credentials.
In April, FireEye Mandiant disclosed that a hacking group tracked as UNC2447 had exploited a then-zero-day flaw in SonicWall VPN appliances, before the company patched it, to deploy a new strain of ransomware called FIVEHANDS on the networks of North American and European entities.