The attack exploits a known vulnerability that was fixed in new versions of firmware released this year.

Dark Reading Staff, Dark Reading

July 15, 2021

1 Min Read

SonicWall is alerting users to an "imminent" ransomware attack targeting Secure Mobile Access (SMA) 100 series and the older Secure Remote Access (SRA) series running unpatched and end-of-life (EOL) 8.x firmware.

The campaign is using stolen credentials, the company reports, and the exploitation targets a known vulnerability that has been patched in newer versions of the firmware. Businesses using a range of EOL SMA and/or SRA devices running firmware 8.x should update their firmware or disconnect their devices, as per guidance SonicWall outlines in an advisory.

As an additional mitigation, SonicWall advises organizations using SMA or SRA devices to reset all credentials associated with them, as well as for any other devices and systems that use the same credentials.

"Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack," SonicWall wrote in an alert. Affected EOL devices with 8.x firmware are past temporary mitigations, the company says, and continuing to use this firmware or EOL devices is "an active security risk."

Customers using SMA 1000 series products are not affected by the attack, and those with SRA and/or SMA 100 series running 9.x and 10.x firmware are advised to continue following best practices such as updating to the newest SMA firmware or SRA firmware, and enabling multifactor authentication.

Read SonicWall's full alert for more details.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights