Akira Ransomware bypasses MFA on SonicWall VPNs

The Akira ransomware campaign, active since July 2025, targets SonicWall SSL VPNs, bypassing OTP MFA, likely using stolen credentials or OTP seeds. Attackers exploit the CVE-2024-40766 vulnerability, moving rapidly within networks, searching for sensitive data, and deploying ransomware within hours. The report emphasizes resetting all SSL VPN and Active Directory credentials for affected accounts.