REvil Ransomware
Pknoeber
Newbie ✭
We operate with a TZ400 and after calling in to the support center, I've realized I'm not articulating my question well enough. I'm not an IT expert, but I need to verify this.
Can anyone truly verify that the REvil ransomware attack won't create vulnerabilities with the SonicWall?
Thanks.
Category: Entry Level Firewalls
Answers
@Pknoeber - I am not sure I understand your question. Is it that you think this group will try to find areas of infiltration in your UTM? Or are you asking if your firewall can stop the attack?
If the former, I don't think you are going to get an "official" answer from SonicWall. They tend to not publicly identify flaws in their code base until they can release an update to preclude anyone using it for malicious purposes.
If the latter, the answer is no, your firewall cannot stop the attack. However, it is possible that SentinelOne could have mitigated it by realizing, once Windows Defender sideloaded the code, that things were not normal.
You'd have to have the Capture Client licenses to have the SentinelOne protection. But even now, I haven't seen an email from SonicWall indicating they did anything to control how SentinelOne was going to respond to agent.exe and the msvc.dll activities.
A good overview of the attack sequence from a non-technical point of view: https://www.wired.com/story/revil-ransomware-supply-chain-technique/
Hope that helps.
The reason you don't understand my question is b/c I don't know enough to ask it correctly. From what I've read, the ransomware attack is targeting the Kaseya VSA software. I just need to verify that they don't provide any services to SonicWall.
@Pknoeber Here's the official announcement.
@Micah - is there any link between SonicWall and Kaseya?