SonicWall is alerting users to an "imminent" ransomware attack targeting Secure Mobile Access (SMA) 100 series and the older Secure Remote Access (SRA) series running unpatched and end-of-life (EOL) 8.x firmware.
The campaign is using stolen credentials, the company reports, and the exploitation targets a known vulnerability that has been patched in newer versions of the firmware. Businesses using a range of EOL SMA and/or SRA devices running firmware 8.x should update their firmware or disconnect their devices, as per guidance SonicWall outlines in an advisory.
As an additional mitigation, SonicWall advises organizations using SMA or SRA devices to reset all credentials associated with them, as well as for any other devices and systems that use the same credentials.
"Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack," SonicWall wrote in an alert. Affected EOL devices with 8.x firmware are past temporary mitigations, the company says, and continuing to use this firmware or EOL devices is "an active security risk."
Customers using SMA 1000 series products are not affected by the attack, and those with SRA and/or SMA 100 series running 9.x and 10.x firmware are advised to continue following best practices such as updating to the newest SMA firmware or SRA firmware, and enabling multifactor authentication.
Read SonicWall's full alert for more details.