Particle.news

SonicWall Says Cloud Backup Breach Exposed Firewall Configurations for All Users

Customers are instructed to import new preference files, a step that may disrupt VPNs and TOTP.

Overview

  • The company revised its initial estimate that under 5% were affected, confirming all users of the cloud backup service had firewall backups accessed.
  • SonicWall warns the stolen files contain encrypted credentials and configuration details that could enable targeted attacks despite encryption.
  • Updated portal lists rank impacted firewalls as Active – High Priority, Active – Lower Priority, or Inactive to guide remediation.
  • Guidance calls for password resets and importing replacement preference files, which can break IPSec VPNs, TOTP bindings, and user access, so admins are urged to schedule maintenance windows.
  • SonicWall released assessment and remediation tools, is notifying customers, and says it is working with Mandiant and law enforcement on hardening and monitoring.