SonicWall Warns Disable SSLVPN Amid Widespread Akira Ransomware Attacks

SonicWall has issued urgent advisories for customers to disable SSLVPN features on its Generation 7 firewalls following a surge in ransomware attacks linked to the Akira ransomware group. Security firms including Arctic Wolf and Huntress have observed a pattern of intrusions since mid-July 2025, with evidence suggesting a likely zero-day vulnerability that allows attackers to bypass multi-factor authentication and gain rapid access to domain controllers. These attacks have affected fully patched devices, indicating exploitation of an unknown security flaw rather than just compromised credentials. SonicWall is actively investigating whether the incidents relate to a previously disclosed vulnerability or a new one, while recommending enhanced protective measures such as botnet protection, geo-IP filtering, and strict MFA enforcement. Experts emphasize the growing threat of attackers focusing on VPN and firewall infrastructure, exploiting either undisclosed vulnerabilities or weak credential configurations to infiltrate enterprise networks. Organizations are advised to restrict SSLVPN access to essential users or disable it completely until a security patch is available, highlighting the critical risk posed by remote access infrastructure vulnerabilities.