Akira Ransomware Exploits SonicWall Zero-Day Flaw

Since mid-July 2025, Akira ransomware attacks have surged against SonicWall firewall devices, with experts citing a suspected zero-day vulnerability in SonicWall SSL VPNs that allows attackers to bypass security measures, including patches and multi-factor authentication. The Akira group, active since March 2023, has extorted over $42 million from more than 250 victims, including high-profile organizations, and now increasingly uses SonicWall devices as an entry vector. Attackers gain unauthorized access to fully updated devices, resulting in rapid data encryption and significant operational disruptions. While a zero-day flaw is suspected, researchers have not ruled out credential-based attacks such as brute force or credential stuffing. This campaign exemplifies broader ransomware trends, where double extortion—combining encryption and data theft—remains a common and effective tactic. Security experts recommend monitoring logs, enforcing MFA, and disabling vulnerable VPN services until official patches are available.