SonicWall devices targeted with ransomware utilising stolen credentials

Australian Cyber Security Centre

Background /What has happened?

SonicWall, a network and cyber security appliance vendor, is reporting that ransomware activity is currently targeting their Secure Mobile Access (SMA) and Secure Remote Access (SRA) products. This ransomware activity is reported by SonicWall as abusing stolen credentials.

The ACSC is aware of stolen credentials affecting Australian organisations that were likely the result of vulnerable SonicWall devices being exploited.

The ACSC has previously issued an alert on a remote credential access vulnerability affecting SonicWall products.

Mitigation / How do I stay secure?

/Public Release. This material comes from the originating organization/author(s)and may be of a point-in-time nature, edited for clarity, style and length. The views and opinions expressed are those of the author(s).View in full here.