Akira Ransomware Strikes Again: SonicWall VPNs Caught in Zero-Day Crossfire!

Akira ransomware is throwing a zero-day party, and SonicWall VPNs are the uninvited guests. Even fully patched devices are falling prey, despite MFA and new credentials. Arctic Wolf Labs urges organizations to disable SonicWall SSL VPNs until a patch arrives. Meanwhile, hackers are using VPS hosting to crash the VPN party in style.

3P
Published: August 3, 2025 1:31 pmAdded: August 3, 2025 at 7:01 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like Akira is taking a page out of the “ninja handbook” with its stealthy zero-day attacks on SonicWall VPNs. Even fully patched systems are feeling the burn, proving once again that in the world of cybersecurity, you can never be too paranoid. Lock your digital doors, folks, because Akira is in the house and it’s not bringing gifts!

Key Points:

  • Akira ransomware is exploiting a likely zero-day in SonicWall SSL VPNs.
  • Fully patched devices with MFA are still being compromised.
  • Evidence shows attackers using VPS hosting to mimic legitimate access.
  • Organizations are advised to disable SonicWall SSL VPN until a patch is available.
  • Akira ransomware has been active since March 2023, targeting various industries.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?