SonicWall firewalls have emerged as a significant point of exposure, serving as the entry point for at least 30 ransomware attacks since August 2024. Security researchers from Arctic Wolf Labs have identified these firewalls as the initial access point for various ransomware variants, raising alarms about the risk to organizations still running unpatched devices.
Key Takeaways
SonicWall firewalls were exploited in at least 30 ransomware attacks since August 2024.
The critical vulnerability, CVE-2024-40766, has a CVSS score of 9.3 and affects over 300,000 devices.
Attackers have targeted a wide range of industries, with Akira ransomware being the most prevalent.
Overview Of The Vulnerability
The vulnerability, known as CVE-2024-40766, was disclosed by SonicWall on August 22, 2024, and has since been patched. However, many organizations have yet to update their firmware, leaving them susceptible to attacks. The vulnerability primarily affects the SSL VPN feature of SonicWall firewalls, which has been exploited by ransomware groups.
Attack Patterns
According to Arctic Wolf Labs, the attacks have shown a marked increase in activity, particularly during non-business hours. The time from initial access to ransomware deployment has varied significantly, ranging from 90 minutes to 10 hours. The following ransomware variants have been observed:
Akira Ransomware: Deployed in approximately 75% of the attacks.
Fog Ransomware: Used in the remaining 25% of incidents.
Impact On Organizations
The potential impact of these attacks is extensive, with SonicWall estimating that over 300,000 appliances are still under support. This means thousands of organizations could be at risk if they have not patched the critical vulnerability. Notably, about half of the customers using newer SonicWall Gen 7 devices have successfully upgraded their firmware, while only around 30% of older Gen 6.5 devices have done so.
Data Theft And Encryption
The ransomware attacks have not only encrypted data but also stolen sensitive information. In one notable case, attackers exfiltrated up to 30 months' worth of data from human resources and accounts payable departments. The focus of the attacks has been on the storage of virtual machines and their backups, highlighting the need for organizations to secure these critical assets.
Recommendations For SonicWall Users
Organizations using SonicWall firewalls are urged to take immediate action to mitigate risks:
Update Firmware: Ensure that all SonicWall devices are running the latest firmware to patch known vulnerabilities.
Monitor Activity: Keep an eye on network activity, especially during non-business hours, for any unusual behavior.
Conduct Security Audits: Regularly assess security measures and protocols to identify potential weaknesses.
The recent surge in ransomware attacks exploiting SonicWall firewalls underscores the critical importance of timely software updates and vigilant security practices. As cyber threats continue to evolve, organizations must remain proactive in safeguarding their networks against potential intrusions.
Sources
SonicWall firewalls the common access point in spreading ransomware campaign, Cybersecurity Dive.