Recently, SonicWall, one of the biggest networking companies, said that it has encountered an imminent ransomware campaign that is continuously targeting its devices.
Soon after learning of the ransomware, SonicWall warned its customers and stated that the campaign is attacking products that have already been discontinued.
According to the report, the company has not yet determined which specific vulnerability the cybercriminals are targeting, but it is clear that the threat actors are targeting a vulnerability that has been fixed in the latest firmware versions.
After detecting the ransomware, SonicWall suggested remediation steps for customers to follow, and these steps depend on the equipment the customer is using.
SRA 4600/1600 (Discontinued in 2019)
SRA 4200/1200 (Discontinued in 2016)
SSL-VPN 200/2000/400 (Discontinued in 2013, 2014)
SMA 400/200 (Still supported in limited decommissioning mode)
As noted above, this imminent ransomware campaign strongly affects SonicWall products, so every customer was advised to update all impacted devices as soon as possible.
After detecting the ransomware, SonicWall has also communicated immediately and frequently with the affected organizations about mitigation steps and updated guidance.
It has been asserted that organizations that fail to take the appropriate and necessary steps to stop this attack and mitigate these vulnerabilities on their SRA and SMA 100 series products are at immediate danger of a targeted ransomware attack.
According to the company, 8.x firmware is past temporary mitigations for this ransomware; if an organization continues to use this firmware, its device will be at active security risk.
However, the end-of-life devices cannot be upgraded to 9.x or 10.x firmware, which is why the company has provided a complimentary virtual SMA 500v until October 31, 2021. This complimentary mitigation gives organizations extra time to put a complete mitigation in place against this attack.
The temporary SMA 500v will be pre-registered for clients with 8.x firmware, and it will appear in the mysonicwall.com account under the name “SMA_SRA8X_Migration_500v.”
Moreover, the SMA 500v will not have any phone support, so organizations may have to seek help in the SonicWall community's SMA thread.
Apart from this, upgrading to the newest firmware or simply ceasing to use the EOL appliances as soon as possible is the best way to mitigate, as CISA itself has recommended to all users.
For further security, they have advised all users and administrators to follow security best practices.