Marquis Software Solutions says the August 2025 ransomware attack that affected dozens of U.S. banks and credit unions was enabled by firewall configuration data stolen from SonicWall’s MySonicWall cloud backup rather than by exploiting an unpatched firewall. SonicWall later confirmed all cloud backup customers were impacted, Mandiant linked the breach to state-sponsored actors, and Marquis is evaluating options to seek recoupment for response costs. #MarquisSoftwareSolutions #SonicWall
Keypoints
- Ransomware in August 2025 disrupted Marquis systems and affected dozens of U.S. banks and credit unions.
- Attackers leveraged firewall configuration data stolen from SonicWall’s MySonicWall cloud backup to bypass protections.
- SonicWall initially said ~5% of cloud backup customers were affected, then updated to say all cloud backup customers were impacted.
- Mandiant’s investigation linked the September breach to state-sponsored actors, while Akira-related VPN attacks were reported separately.
- Marquis is considering seeking recoupment for expenses incurred by the company and its customers in responding to the incident.