Recently, SonicWall one of the biggest networking company has claimed that they have encountered an imminent ransomware campaign that is continuously targeting their devices.
Soon after knowing about the ransomware, SonicWall immediately warned its customers regarding the ransomware and pronounced that this imminent ransomware is attacking the products that have already been stopped.
According to the report, the company has declared that they are not yet cleared that which specified vulnerability is being targeted by the cybercriminal, but it was clear that the threat actors are targeting a particular vulnerability that has been fixed in the most advanced firmware versions.
However, after detecting the ransomware, SonicWall has suggested some resolutions that are to be followed by the customer, and all these resolutions were made on the basis of the equipment that is being used by the customer.
SRA 4600/1600 (Discontinued in 2019)
SRA 4200/1200 (discontinued 2016)
SSL-VPN 200/2000/400 (Discontinued 2013, 2014)
SMA 400/200 (Still supported in limited decommissioning mode)
As we said above that this imminent ransomware is strongly impacting SonicWall, therefore each and every customer was suggested to update all their impacted devices as soon as possible.
However, after detecting the ransomware, SonicWall has immediately and frequently communicated with the organization those who got affected by this ransomware for mitigation steps and updated guidance.
It has been asserted that all those organizations that decline to take suitable and needed steps to stop this attack and to mitigate these vulnerabilities on their SRA and SMA 100 series outcomes are at immediate danger of a targeted ransomware attack.
According to the company, 8.x firmware are past temporary mitigations for this ransomware, in case if the organization continues to use this firmware then their device will be at an active security risk.
However, the end-of-life devices cannot upgrade to 9.x or 10.x firmware, that’s why the company has provided a complimentary virtual SMA 500v until October 31, 2021. Using this complementary mitigation will surely provide extra time to the organizations so that they can get full-proof mitigation to bypass this attack.
The temporary SMA 500v will be pre-registered for clients with 8.X firmware, and this SMA 500v will be presented in the mysonicwall.com account under the name “SMA_SRA8X_Migration_500v.”
Moreover, the SMA500v will do not have any kind of phone support, and for these reasons, the organization has may have to seek the SonicWall communities SMA thread.
While apart from this, upgrading to the newest firmware or simply stop using the EOL appliances as soon as possible is the best possible way to mitigate, as the CISA itself has recommended all the users.
For further security, they have advised all the users and administrators to follow the best security practices.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
ServiceNow recently disclosed three critical vulnerabilities (CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178) affecting multiple Now Platform versions,…
A newly discovered vulnerability in Google Cloud Platform (GCP) has raised significant security concerns among…
The PKfail vulnerability is a significant security issue affecting over 200 device models of Secure…
A vulnerability in OpenStack's Nova component has been identified, potentially allowing hackers to gain unauthorized…
A North Korean military intelligence operative has been indicted for orchestrating a series of cyberattacks…
RA World, an emerging ransomware group, has been increasingly active since March 2024, using a…