Fast Facts
- Researchers report a surge in Akira ransomware attacks exploiting a year-old vulnerability (CVE-2024-40766) in SonicWall firewalls, affecting multiple versions and configurations.
- Many breaches involve improperly configured or unpatched devices, with attackers exploiting default LDAP group settings and weak credentials to gain access.
- The outbreak has been linked specifically to attacks on SonicWall SSL VPNs, often targeting organizations with outdated or misconfigured firewalls.
- All recent attacks are attributed to Akira ransomware, which has extorted over $42 million from more than 250 victims since March 2023.
Problem Explained
Recent cybersecurity reports reveal a sharp rise in Akira ransomware attacks exploiting a vulnerability (CVE-2024-40766) in SonicWall firewalls, primarily targeting SSL VPN protocols. These attacks, detected since mid-July, have included around 40 incidents and continue to surge, according to Rapid7, a cybersecurity firm actively responding to the incidents. Many of the affected environments were found to be improperly configured after being upgraded from older firewall versions, allowing attackers to gain unauthorized access by exploiting default LDAP group settings and other misconfigurations. The Australian Cyber Security Centre also issued warnings about the targeting of Australian organizations with SonicWall SSL VPNs. The attackers—affiliated with the Akira ransomware group—typically steal data and encrypt systems to extort victims, inflicting significant damage and financial loss, with over $42 million extorted from more than 250 organizations since March 2023. SonicWall has previously addressed similar vulnerabilities but did not respond to specific requests regarding the latest exploits. The ongoing attacks illustrate how unpatched or misconfigured firewalls can leave organizations vulnerable to sophisticated ransomware campaigns, emphasizing the importance of proper updating and security practices to defend against such threats.
Potential Risks
Recent spikes in Akira ransomware attacks exploiting a one-year-old vulnerability (CVE-2024-40766) in SonicWall firewalls highlight escalating cyber risks with severe consequences. Between mid-July and early August, approximately 40 incidents targeted SonicWall devices, leveraging misconfigurations, outdated firmware, and default LDAP group settings that granted over-broad access, enabling credential theft and abuse of the SSL VPN service. Rapid7 reports multiple weekly attacks since July, suggesting broader, underreported impacts, especially as many compromised systems retain improper configurations and unreset passwords post-migration. The attacks, primarily linked to Akira, involve data theft and system encryption aimed at extorting victims, with more than 250 organizations affected between March 2023 and January 2024, resulting in over $42 million in ransom payments. This pattern underscores the persistent danger posed by unpatched vulnerabilities and misconfigurations in security infrastructure, emphasizing the urgent need for timely patching, robust credential management, and vigilant monitoring to mitigate substantial operational and financial damages.
Possible Actions
Prompt response to SonicWall firewalls targeted by the recent Akira ransomware surge is crucial to minimizing damage, protecting sensitive data, and ensuring continuous network operations. Immediate remediation helps close vulnerabilities before attackers can exploit them, reducing the risk of widespread disruption.
Mitigation & Remediation
- Update Firmware: Apply the latest security patches provided by SonicWall to defend against known vulnerabilities.
- Review Access Controls: Limit administrative privileges and enforce strong authentication measures to prevent unauthorized access.
- Deploy Intrusion Detection: Activate or enhance IDS/IPS systems to identify and block malicious activity early.
- Conduct Vulnerability Scans: Regularly scan the network to identify and address potential weak points.
- Isolate Affected Devices: Segregate compromised or vulnerable firewalls from core networks to contain potential spread.
- Maintain Backups: Ensure recent, secure backups are available for quick restoration if needed.
- User Awareness: Educate staff about phishing and other tactics used to initiate ransomware attacks.
- Engage Security Experts: Consult cybersecurity professionals for tailored incident response and advanced threat mitigation strategies.
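The first four items above (firmware currency, access-control review, strong authentication, and vulnerability scanning) can be turned into a repeatable configuration audit. The script below is an added example written for this page; it is not code from SonicWall, Rapid7, or the original article, and it does not call any SonicWall API. It assumes you have already exported an inventory of your firewalls and their SSL VPN accounts into the simple data model shown (appliance name, firmware triple, whether the default LDAP group still grants SSL VPN access, and per-account password-reset and MFA status). The `PATCHED_BASELINE` value is a placeholder, not a real SonicWall build number; substitute the fixed firmware named in the vendor advisory. The sample fleet at the bottom is constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# PLACEHOLDER baseline: replace with the fixed firmware build named in the vendor
# advisory for CVE-2024-40766. This tuple is NOT a real SonicWall version.
PATCHED_BASELINE = (7, 1, 0)

# Order used to sort findings so the worst problems are fixed first.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


@dataclass
class VpnAccount:
    username: str
    password_last_set: date
    mfa_enrolled: bool
    migrated_on: Optional[date] = None  # set when the account was carried over from older firmware


@dataclass
class Firewall:
    name: str
    firmware: tuple                       # (major, minor, patch), as exported from your inventory
    ldap_default_group_grants_sslvpn: bool  # default LDAP group still mapped to SSL VPN access
    accounts: list = field(default_factory=list)


def audit_firewall(fw: Firewall) -> list:
    """Return one finding dict per control gap found on a single appliance."""
    findings = []
    # 1. Update Firmware: anything below the patched baseline is exposed to the CVE.
    if tuple(fw.firmware) < PATCHED_BASELINE:
        findings.append({"severity": "critical", "check": "firmware",
                         "detail": f"{fw.name}: firmware {fw.firmware} is below the patched baseline"})
    # 2. Review Access Controls: the default LDAP group should not confer VPN access.
    if fw.ldap_default_group_grants_sslvpn:
        findings.append({"severity": "high", "check": "ldap-default-group",
                         "detail": f"{fw.name}: default LDAP group grants SSL VPN access; "
                                   "scope VPN access to a dedicated group"})
    for acct in fw.accounts:
        # 3. Credentials carried over from the old firmware must be rotated after migration.
        if acct.migrated_on is not None and acct.password_last_set <= acct.migrated_on:
            findings.append({"severity": "high", "check": "stale-migrated-password",
                             "detail": f"{fw.name}/{acct.username}: password not reset since "
                                       f"migration on {acct.migrated_on}"})
        # 4. Strong authentication: every SSL VPN account should be MFA-enrolled.
        if not acct.mfa_enrolled:
            findings.append({"severity": "medium", "check": "mfa-missing",
                             "detail": f"{fw.name}/{acct.username}: no MFA enrolled on SSL VPN account"})
    return findings


def audit_fleet(fleet: list) -> dict:
    """Map each appliance name to its list of findings (empty list means clean)."""
    return {fw.name: audit_firewall(fw) for fw in fleet}


def remediation_queue(fleet: list) -> list:
    """Flatten every finding across the fleet, sorted worst-first for the remediation ticket queue."""
    flat = [f for fw in fleet for f in audit_firewall(fw)]
    return sorted(flat, key=lambda f: SEVERITY_ORDER[f["severity"]])


# Constructed sample fleet for illustration; these are not real devices, versions or accounts.
SAMPLE_FLEET = [
    Firewall(
        name="fw-branch-01",
        firmware=(7, 0, 1),                      # below the placeholder baseline
        ldap_default_group_grants_sslvpn=True,   # migrated with the default LDAP group intact
        accounts=[
            VpnAccount("jsmith", password_last_set=date(2024, 3, 15), mfa_enrolled=False,
                       migrated_on=date(2024, 6, 1)),   # never reset after migration
            VpnAccount("admin-svc", password_last_set=date(2024, 9, 1), mfa_enrolled=True),
        ],
    ),
    Firewall(
        name="fw-hq-01",
        firmware=(7, 1, 2),
        ldap_default_group_grants_sslvpn=False,
        accounts=[
            VpnAccount("mlee", password_last_set=date(2024, 8, 20), mfa_enrolled=True,
                       migrated_on=date(2024, 6, 1)),   # reset after migration
        ],
    ),
]

if __name__ == "__main__":
    for f in remediation_queue(SAMPLE_FLEET):
        print(f"[{f['severity']}] {f['detail']}")
```

Run against the constructed fleet, `fw-branch-01` produces four findings (out-of-date firmware, default LDAP group granting VPN access, one migrated account with an unreset password, and the same account lacking MFA) while `fw-hq-01` is clean; `remediation_queue` places the firmware finding first. The point of keeping the checks as plain data comparisons is that the same audit can be re-run after every firmware upgrade or migration, which is exactly the moment the article says configurations tend to regress.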
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary reference purposes only.