SonicWall Urges Customers to Disable SSLVPN Amid Reports of Ransomware Attacks

Enterprise security company SonicWall is sounding the alarm, urging its customers to disable a core feature of its most recent line-up of firewall devices in light of reports of ransomware incidents targeting SonicWall customers. The sudden move comes as security researchers have identified hackers exploiting a vulnerability in the company's Generation 7 firewalls, which has left many wondering if a previously disclosed bug or a new one is at play.

SonicWall stated that it has observed a notable increase in security incidents targeting its Generation 7 firewalls where customers have enabled the SSLVPN feature. The company assured that it is actively investigating these incidents to determine whether they are connected to a previously disclosed vulnerability or if a new vulnerability may be responsible.

Ransomware Attacks Targeting SonicWall Customers

Security researchers at Arctic Wolf have reported seeing intrusions targeting SonicWall customers as far back as mid-July. The company's alert comes as hackers increasingly target enterprise products, such as firewalls and VPNs, which serve as digital gatekeepers, allowing legitimate employees access to the company's network.

Huntress Labs, another cybersecurity firm, has also weighed in on the issue. According to Huntress, available evidence suggests that the attacks stem from a zero-day vulnerability, that is, a security bug that hackers exploit before the vendor can patch it. The researchers observed a short gap between the exploitation of the SonicWall firewall and the subsequent deployment of file-encrypting malware, or ransomware.

Akira Ransomware Gang Sighting

Huntress Labs warned that the hackers exploiting the bug have been seen gaining access to a company's domain controllers, which manage the devices and users on the network. The firm believes that the Akira ransomware gang is behind some of the attacks targeting SonicWall customers. Akira has been known to target enterprise products, like Fortinet firewalls, to break into large networks.

“This is a critical, ongoing threat,” wrote Huntress in its blog, emphasizing the urgency of the situation and advising customers to disable their SSLVPN feature immediately to prevent potential attacks.

What's at Stake

Security flaws in these products can let malicious hackers into the network, where they can launch data-stealing or destructive attacks. As a result, SonicWall's decision to advise its customers to disable the SSLVPN feature serves as a stark reminder of the importance of regular software updates and patching.

For those relying on SonicWall firewalls for network security, it is crucial to prioritize their own cybersecurity efforts and stay informed about emerging threats and vulnerabilities. The incident highlights the ever-evolving nature of cyberattacks and the need for vigilance in protecting sensitive data.