Arctic Wolf Labs reports that Akira ransomware is exploiting a likely zero-day vulnerability in SonicWall SSL VPNs, even affecting fully patched devices. They recommend disabling the VPN service until a patch is released and emphasize enhancing security measures.
Key points
- Akira ransomware is actively exploiting SonicWall SSL VPNs through a suspected zero-day vulnerability.
- Fully patched SonicWall devices with MFA have still been compromised, indicating a serious security flaw.
- Ransomware attacks surged from July 15, 2025; the VPN logins often came from VPS hosting rather than the ISP-based access typical of legitimate users.
- Arctic Wolf advises disabling SonicWall SSL VPNs until the security vulnerability is addressed.
- Organizations should enable security features like Botnet Protection and enforce MFA to mitigate risks.
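
A detection sketch for the VPS-origin VPN logins noted in the key points, added here as an example and not taken from Arctic Wolf or SonicWall. The log layout, field names and hosting ranges are constructed placeholders (RFC 5737 addresses), and records are assumed to be in time order.

```python
import csv
import io
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation space). In practice,
# load these from a hosting-provider/ASN dataset you maintain.
HOSTING_NETS = [ipaddress.ip_network(n)
                for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed sample records in a hypothetical export layout,
# not an actual SonicWall log schema.
SAMPLE_LOG = """\
timestamp,user,src_ip,result
2025-07-16T02:11:09Z,jsmith,192.0.2.44,success
2025-07-16T02:14:51Z,svc_backup,203.0.113.27,success
2025-07-16T02:15:02Z,jsmith,198.51.100.9,failure
2025-07-16T08:30:40Z,adoe,192.0.2.80,success
2025-07-17T03:02:13Z,adoe,198.51.100.200,success
"""

def is_hosting(ip):
    """True if ip falls in a known hosting range; ValueError if unparsable."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOSTING_NETS)

def flag_vps_logins(log_text):
    """Return successful VPN logins sourced from hosting ranges.

    Each alert records whether the account was previously seen logging in
    from non-hosting space, which separates "account that normally comes
    from an ISP" from "account with no baseline at all".
    """
    alerts, seen_from_isp = [], set()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["result"] != "success":
            continue
        try:
            hosted = is_hosting(row["src_ip"])
        except ValueError:
            continue  # malformed source address: skip rather than crash
        if hosted:
            alerts.append({"timestamp": row["timestamp"],
                           "user": row["user"],
                           "src_ip": row["src_ip"],
                           "has_isp_baseline": row["user"] in seen_from_isp})
        else:
            seen_from_isp.add(row["user"])
    return alerts
```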