SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Pierluigi Paganini July 15, 2021

SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaing” targeting EOL equipment.

SonicWall has issued an urgent security alert to warn companies of “an imminent ransomware campaing” targeting some of its equipment that reached end-of-life (EoL).

Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families.

“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials.” reads the alert published by the company. “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”

The company states that organizations that fail to address known vulnerabilities in the firmware of SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack.

The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible.

“If your org If your organization is using a legacy SRA appliance that is past end-of life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation.” continues the alert.

SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported.

“The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk,” states the alert.

Below the recommendations provided by the company:

  • SRA 4600/1600 (EOL 2019)
    • Disconnect immediately 
    • Reset passwords
  • SRA 4200/1200 (EOL 2016)
    • Disconnect immediately
    • Reset passwords
  • SSL-VPN 200/2000/400 (EOL 2013/2014)
    • Disconnect immediately 
    • Reset passwords
  • SMA 400/200 (Still Supported, in Limited Retirement Mode)
    • Update to 10.2.0.7-34 or 9.0.0.10 immediately
    • Reset passwords
    • Enable MFA

SonicWall also urges customers using actively supported SMA 210/410/500v devices to update their devices to 9.x or 10.x firmware versions.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SonicWall)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment