Akira Exploits SonicWall VPNs in Broad Ransomware Campaign

A new ransomware campaign led by the Akira group is exploiting vulnerabilities in SonicWall VPN appliances to gain unauthorized access and deploy ransomware across multiple organizations. This widespread attack leverages known security flaws in SonicWall's VPN products, highlighting the critical need for timely patching and robust network defenses. The Akira ransomware group has been observed targeting various sectors, using sophisticated tactics to bypass security controls and encrypt valuable data, demanding hefty ransoms for decryption keys. Organizations using SonicWall VPNs are urged to apply the latest security updates immediately and enhance monitoring to detect suspicious activities early. This campaign underscores the evolving ransomware threat landscape and the importance of proactive cybersecurity measures to mitigate risks associated with VPN vulnerabilities. The article provides detailed insights into the attack vectors, affected systems, and recommended mitigation strategies to protect against Akira ransomware attacks exploiting SonicWall VPN vulnerabilities.

This Cyber News was published on www.darkreading.com. Publication date: Mon, 29 Sep 2025 21:10:06 +0000


Cyber News related to Akira Exploits SonicWall VPNs in Broad Ransomware Campaign

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
1 year ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
11 months ago Cybersecuritynews.com
Akira Exploits SonicWall VPNs in Broad Ransomware Campaign - A new ransomware campaign led by the Akira group is exploiting vulnerabilities in SonicWall VPN appliances to gain unauthorized access and deploy ransomware across multiple organizations. This widespread attack leverages known security flaws in ...
5 months ago Darkreading.com CVE-2021-20016 Akira
SonicWall Firewalls Targeted by Akira Ransomware: What You Need to Know - SonicWall firewalls have recently been targeted by the Akira ransomware, marking a significant threat to network security. This ransomware exploits vulnerabilities in SonicWall devices to infiltrate corporate networks, encrypt critical data, and ...
5 months ago Cybersecuritynews.com CVE-2023-20078 Akira ransomware group
Zscaler ThreatLabz 2024 VPN Risk Report - The growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials ...
1 year ago Cybersecurity-insiders.com
5 Best VPNs for Travel in 2024 - VPNs are software that encrypt your online activity and adjust your IP address, protecting sensitive company data and allowing you to access geo-restricted content at the same time. In this article, we take a look at the five best VPNs for travelers. ...
1 year ago Techrepublic.com
Akira ransomware breaching MFA-protected SonicWall VPN accounts - The Akira ransomware group has been actively targeting SonicWall VPN accounts, even those protected by multi-factor authentication (MFA). This alarming development highlights the evolving tactics of ransomware operators who are bypassing traditional ...
5 months ago Bleepingcomputer.com Akira ransomware group
SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild - The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices. Security analysts attribute the rapid weaponization ...
1 year ago Cybersecuritynews.com CVE-2024-53704 Akira
Tietoevry ransomware attack causes outages for Swedish firms, cities - Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang. Tietoevry ...
2 years ago Bleepingcomputer.com Akira
Akira ransomware exploiting critical SonicWall SSLVPN bug again - The Akira ransomware group has resumed exploiting a critical vulnerability in SonicWall SSLVPN devices, identified as CVE-2023-3519. This flaw allows attackers to bypass authentication and gain unauthorized access to vulnerable SonicWall SSLVPN ...
5 months ago Bleepingcomputer.com CVE-2023-3519 Akira ransomware group
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
2 years ago Bleepingcomputer.com LockBit Akira Noescape
178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks - Two unauthenticated denial-of-service vulnerabilities are threatening the security of SonicWall next-generation firewall devices, exposing more than 178,000 of them to both DoS as well as remote code execution attacks. SonicWall products affected are ...
2 years ago Darkreading.com CVE-2022-22274 CVE-2023-0656
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
2 years ago Bleepingcomputer.com LockBit Akira
Analyzing the SonicWall Custom Grub LUKS Encryption Modifications - During our initial analysis of a virtual machine image for the application, we discovered a customized LUKS encryption mechanism meant to hinder reverse engineering of the application. We were able to recover the LUKS decryption key by leveraging ...
2 years ago Securityboulevard.com
US energy firm shares how Akira ransomware hacked its systems - In a rare display of transparency, US energy services firm BHI Energy details how the Akira ransomware operation breached their networks and stole the data during the attack. BHI Energy, part of Westinghouse Electric Company, is a specialty ...
2 years ago Bleepingcomputer.com Akira
LockBit takedown surges Akira Ransomware Attacks - Following the takedown of the LockBit Ransomware group's website in 'Operation Cronos' by law enforcement agencies, there has been a notable surge in the activity of the Akira Ransomware group in recent weeks. This rise has been particularly ...
1 year ago Cybersecurity-insiders.com LockBit Akira Ra group
Ransomware victims targeted by fake hack-back offers - Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. Both Royal and Akira ransomware ...
2 years ago Bleepingcomputer.com Akira Qilin
Akira Ransomware Using Compromised Credentials and Public Tools in New Wave of Cyberattacks - According to their leak site, the group has compromised over 350 organizations, with victims who refuse payment seeing their data published in the dedicated “Leaks” section. The cybersecurity landscape faces a mounting threat as the Akira ...
10 months ago Cybersecuritynews.com Akira
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
2 years ago Bleepingcomputer.com LockBit BianLian Akira Cactus
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
3 years ago Heimdalsecurity.com LockBit
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks - Security researchers have found over 178,000 SonicWall next-generation firewalls with the management interface exposed online are vulnerable to denial-of-service and potential remote code execution attacks. These appliances are affected by two DoS ...
2 years ago Bleepingcomputer.com CVE-2022-22274 CVE-2023-0656
Unveiling Free VPN Risks: Protecting Online Privacy and Security - If you're seeking enhanced security and privacy for your online activities, you might be considering the use of a Virtual Private Network. Virtual Private Networks are specifically crafted to accomplish this task. A quality VPN channels your web ...
2 years ago Cysecurity.news Slug
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
2 years ago Feeds.fortinet.com 8base
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
2 years ago Unit42.paloaltonetworks.com Medusa
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
2 years ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta