Unsupported SonicWall Products Vulnerable to New Ransomware Attack
A new ransomware threat has surfaced, this time targeting unpatched and end-of-life products in SonicWall’s line of Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products. The threat is currently being exploited in the wild, so if you utilize these devices in your business, it is your responsibility to take action to mitigate damages caused by these ransomware attacks now.
SonicWall has been working with Mandiant and other trusted third parties to identify the nature of the threat, which uses stolen credentials to install ransomware on affected devices. This new ransomware threat is described as “imminent,” meaning that you absolutely need to take this seriously. If you don’t, you run the risk of ransomware threats ravaging your technology. Communication has been sent out from SonicWall to affected customers.
Thankfully, the vulnerability that allowed these attacks to occur has been patched in more recent versions of the firmware, although SonicWall does state in its notice, “SonicWall PSIRT strongly suggests that organizations still using 8.x firmware review the information below and take immediate action.” The “information below,” in this case, details which devices are affected, how they are affected, and what must be done to resolve these vulnerabilities. In most cases regarding devices that have reached their end of life, the company recommends taking affected devices offline and resetting all associated credentials, but in the case of devices which are still supported, updating to the most recent firmware should also do the trick. SonicWall also urges users to change passwords and enable multi-factor authentication.
SonicWall apparently understands that it is not always easy to upgrade away from legacy technology. In response to this threat, they issued the following statement: To provide a transition path for customers with end-of-life devices that cannot upgrade to 9.x or 10.x firmware, we’re providing a complimentary virtual SMA 500v until October 31, 2021. This should provide sufficient time to transition to a product that is actively maintained.” It must be mentioned that this is only a short-term solution, not a long-term one.
These types of threats that strike out at software and unsupported firmware which has reached its end of life are not uncommon. All good things must come to an end eventually, including your technology solutions. It is your responsibility to make sure that your organization is only using technology that is currently supported by its developers. Failing to do so is asking for trouble, and you are only shooting yourself in the foot by ignoring them in favor of using older technology.
**Keep in mind, if we’re managing your IT and cybersecurity infrastructure, we’re handling all of your security updates. If you aren’t sure, reach out to us to ensure your agreement covers this type of support.**
BlackCSI can help you address issues with your IT infrastructure where you might still be using older unsupported technologies. We can address any shortcomings with your network and handle the process of upgrading to better, more secure technology. To learn more, reach out to us at (717) 620-3042.