SonicWall firewall devices hit in surge of Akira ransomware attacks www.bleepingcomputer.com/news/secu…
SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf.
Akira emerged in March 2023 and quickly claimed many victims worldwide across various industries. Over the last two years, Akira has added over 300 organizations to its dark web leak portal and claimed responsibility for multiple high-profile victims, including Nissan (Oceania and Australia), Hitachi, and Stanford University. The FBI says the Akira ransomware gang has collected over $42 million in ransom payments as of April 2024 from more than 250 victims.
As Arctic Wolf Labs observed, multiple ransomware intrusions involved unauthorized access through SonicWall SSL VPN connections, starting on July 15. However, while a zero-day vulnerability being exploited in these attacks is very likely, Arctic Wolf has not ruled out credential-based attacks.
“The initial access methods have not yet been confirmed in this campaign,” the Arctic Wolf Labs researchers cautioned. “While the existence of a zero-day vulnerability is highly plausible, credential access through brute force, dictionary attacks, and credential stuffing have not yet been definitively ruled out in all cases.”