SonicWall has released an urgent security bulletin to customers using unpatched, end-of-life Secure Mobile Access 100 series and Secure Remote Access products. The company indicates that there is an imminent ransomware campaign using stolen credentials to target these devices running 8.x firmware. Since these firmware versions are considered end-of-life and out of support by the vendor, temporary mitigations are not possible, and SonicWall is urging customers to take drastic measures to ensure they are protected against this imminent threat, including disconnecting the devices from the network entirely. SonicWall is proactively reaching out to customers known to be using EOL software versions and is providing a complimentary virtual SMA 500v to customers who are not able to immediately upgrade to a supported version.
Running EOL software is one of the most serious yet easily avoidable security risks. Especially for networking devices that are directly accessible over the internet, such as these SonicWall products, this is not a risk that organizations should accept. SonicWall has not yet released details or IOCs related to the imminent attack; however, a zero-day in the company’s products was exploited earlier this year, in April, by an organization known as UNC2447, using the ransomware variant FiveHands.
This informed analysis is based on the latest data available.