SonicWall EOL Devices Targeted by Ransomware

11:00am, 15 July 2021

TLP Rating: Clear

SonicWall has issued an urgent security notice, warning customers of ransomware attacks targeting end-of-life Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products. Products using 8.x firmware are being targeted.

What's happening

Systems affected

The following range of SonicWall devices for Secure Remote Access (SRA), SSL VPN and Secure Mobile Access (SMA) are affected by this vulnerability:

  • SRA 4600/1600
  • SRA 4200/1200
  • SSL-VPN 200/2000/400
  • SMA 400/200
  • SMA 210/410/500v using 8.x firmware

What to look for

How to tell if you're at risk

You are at risk if you are using any SonicWall device running 8.x firmware.

Firmware versions 9.x before 9.0.0.10-28sv and 10.x before 10.2.0.7-34sv are also at risk of attack.
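
The firmware thresholds above, as an added triage example that is not part of the original advisory or any SonicWall tooling. It assumes firmware strings follow the a.b.c.d-NNsv layout of the versions quoted here; the inventory, hostnames and function names are constructed for illustration. It checks firmware only and does not identify the end-of-life models listed above.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {9: "9.0.0.10-28sv", 10: "10.2.0.7-34sv"}

# Assumed firmware string layout, taken from the versions quoted above:
# four dotted numbers, a dash, a build number and the "sv" suffix.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text):
    """Return e.g. (10, 2, 0, 7, 34) for '10.2.0.7-34sv', or None if unparseable."""
    match = VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(firmware):
    """Map a firmware string to 'at-risk', 'fixed', 'not-covered' or 'unparsed'."""
    version = parse_version(firmware)
    if version is None:
        return "unparsed"          # needs manual review, never assume safe
    major = version[0]
    if major == 8:
        return "at-risk"           # all 8.x firmware is being targeted
    if major not in FIXED:
        return "not-covered"       # the advisory gives no threshold for this branch
    # Compare as integer tuples: as strings, '9.0.0.9' would sort after '9.0.0.10'.
    return "at-risk" if version < parse_version(FIXED[major]) else "fixed"


def triage(inventory):
    """Return {hostname: status} for every device that is not confirmed fixed."""
    results = {host: classify(fw) for host, fw in inventory.items()}
    return {host: status for host, status in results.items() if status != "fixed"}


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = {
    "vpn-akl-01": "8.0.0.4-25sv",
    "vpn-wlg-01": "9.0.0.9-26sv",
    "vpn-chc-01": "9.0.0.10-28sv",
    "vpn-dud-01": "10.2.0.7-34sv",
    "vpn-hlz-01": "10.2.0.2-20sv",
    "vpn-lab-01": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```
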

What to do

Prevention

SonicWall recommends that any organisation still using end-of-life SSL-VPN (200/2000/400) and/or SRA devices (4600/1600; 4200/1200) disconnect these devices immediately.

Devices still under support, but using 8.x firmware, should immediately upgrade to the latest versions from SonicWall.

  • Users of 9.x should immediately update to 9.0.0.10-28sv or later
  • Users of 10.x should immediately update to 10.2.0.7-34sv or later

Users of any of these devices should urgently reset all associated passwords and enable MFA.

More information

SonicWall's security notice

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384