Search

Upgrade your SonicWall devices to avoid potential ransomware attacks, says CISA

Cyber crime officers at Leicestershire Police alerted us to a ransomware threat which targets vulnerabilities in SonicWall devices, with a local business being hit.



This comes after the Cybersecurity and Infrastructure Security Agency (CISA) warned of threat actors targeting "a known, previously patched, vulnerability" found in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products with end-of-life firmware, as reported by Bleeping Computer recently.


But what does this mean?


Well, the US federal agency added that the attackers can exploit this security vulnerability as part of a targeted ransomware attack.


SonicWall had issued an "urgent security notice" warning customers via email of the "imminent risk of a targeted ransomware attack."


The CISA urges users and administrators to review the SonicWall security notice and upgrade their devices to the latest firmware or immediately disconnect all end-of-life appliances.


Hello HelloKitty?


CISA and SonicWall did not reveal the identity of the threat attackers behind these attacks, but Bleeping Computer was told by a source in the cybersecurity industry that the HelloKitty ransomware group has been exploiting the vulnerability for the past few weeks.


Cybersecurity firm CrowdStrike also confirmed to BleepingComputer that the ongoing attacks are attributed to multiple threat actors, including HelloKitty.


HelloKitty are not to be confused with the supercute fictional character produced by the Japanese company Sanrio, HelloKitty in this sphere is a human-operated ransomware operation active since November 2020, mostly known for encrypting the systems of CD Projekt Red and claiming to have stolen Cyberpunk 2077, Witcher 3, Gwent, and other games' source code.


So to reiterate, the CISA are urging users and administrators to review the SonicWall security notice and upgrade their devices to the latest firmware or immediately disconnect all end-of-life appliances.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.