Security News > 2021 > July > HelloKitty ransomware is targeting vulnerable SonicWall devices

HelloKitty ransomware is targeting vulnerable SonicWall devices
2021-07-17 15:44

CISA warns of threat actors targeting "a known, previously patched, vulnerability" found in SonicWall Secure Mobile Access 100 series and Secure Remote Access products with end-of-life firmware.

CISA urges users and administrators to review the SonicWall security notice and upgrade their devices to the latest firmware or immediately disconnect all end-of-life appliances.

Upgrade to the newest SonicWall firmware and disconnect EOL SonicWall appliances ASAP. Failing to follow SonicWall guidance may lead to targeted ransomware attacks.

While CISA and SonicWall did not reveal the identity of the threat attackers behind these attacks, BleepingComputer was told by a source in the cybersecurity industry that HelloKitty has been exploiting the vulnerability for the past few weeks.

According to a Coveware report, Babuk ransomware is also targeting SonicWall VPNs likely vulnerable to CVE-2020-5135 exploits.

A threat group tracked by Mandiant as UNC2447 has also exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy a new ransomware strain known as FiveHands.


News URL

https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-is-targeting-vulnerable-sonicwall-devices/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-02-04 CVE-2021-20016 SQL Injection vulnerability in Sonicwall products
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information.
network
low complexity
sonicwall CWE-89
critical
9.8
2020-10-12 CVE-2020-5135 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sonicwall Sonicos and Sonicosv
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
network
low complexity
sonicwall CWE-119
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 113 0 40 74 38 152