CoreTech Blog

CoreTech Blog

CoreTech has been serving the Bowling Green area since 2006, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Cybersecurity Tools Now Delivering Ransomware

Cybersecurity Tools Now Delivering Ransomware

Another ransomware threat is out and about, this time targeting unpatched and end-of-life products in SonicWall’s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products. To make things worse, the threat is currently being used, so businesses utilizing these devices must take action now to limit how much damage this ransomware can do.

SonicWall, along with Mandiant and other trusted third parties, worked to determine the nature of the threat. This threat uses stolen credentials to install ransomware on vulnerable devices, and since it is described as “imminent,” you know it’s bad. If you don’t take immediate action, ransomware threats could become extremely problematic for your organization. SonicWall has been in communication with its affected customers to inform them of the vulnerability.

There is a spot of good news here, though. The vulnerability that allows these vulnerabilities to be taken advantage of is in an older version of the firmware, so those who are using more recent versions of the firmware should have had it already patched. SonicWall details this in its notice:  “SonicWall PSIRT strongly suggests that organizations still using 8.x firmware review the information below and take immediate action.” In this case, SonicWall is detailing the devices that are affected by the vulnerability, how they are affected, and their recommended course of action. If the device has reached its end of life, SonicWall urges companies to take the device offline and reset all of its associated credentials, but if devices are still supported, then updating the firmware should be enough to shore up the vulnerability. In addition, SonicWall also urges users to change passwords and enable multi-factor authentication.

Anyone using legacy technology knows the struggle of upgrading away from it to more recent hardware, and SonicWall is prepared for this. SonicWall issued this statement for customers who just can’t seem to let go of their older technology: “To provide a transition path for customers with end-of-life devices that cannot upgrade to 9.x or 10.x firmware, we’re providing a complimentary virtual SMA 500v until October 31, 2021. This should provide sufficient time to transition to a product that is actively maintained.” This is, of course, a short-term fix; the long-term fix is to equip yourself with new hardware.

These threats that take advantage of unsupported firmware and software that have reached their end of life are not particularly uncommon, so it’s important that your organization makes plans to upgrade away from technology that is creeping up on its end of life. If you don’t do this, you’ll get situations like the above where hackers start taking advantage of unsupported technology, thereby putting your company at risk.

**Keep in mind, if we’re managing your IT and cybersecurity infrastructure, we’re handling all of your security updates. If you aren’t sure, reach out to us to ensure your agreement covers this type of support.**

If you have any questions or concerns about unsupported software or maintaining your technology infrastructure as a whole, CoreTech is happy to help. To learn more about how we can make managing your technology easier, reach out to us at (270) 282-4926.

Spot Fake Links in your Emails
What You Need to Do to Keep Your IT Projects from ...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Tuesday, 17 December 2024

Captcha Image

About CoreTech

CoreTech has been serving the Kentucky area since 2006, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses. Our experience has allowed us to build and develop the infrastructure needed to keep our prices affordable and our clients up and running.

get a free quote

Recent News

Last week, we discussed why X—the social media network once known as Twitter—has been losing many users. Here, we wanted to direct those seeking a move to consider the up-and-coming platform known as Bluesky in case you were one of those jumping ship...

Contact Us

1711 Destiny Lane Suite 116
Bowling Green, Kentucky 42104

Mon to Fri 8:00am to 5:00pm

[email protected]

(270) 282-4926


Nashville Managed IT
Louisville and Lexington Managed IT
Bowling Green Managed IT
Clarksville Managed IT