August 1, 2025 By Sergiu Gatlan
SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf.
Akira emerged in March 2023 and quickly claimed many victims worldwide across various industries. Over the last two years, Akira has added over 300 organizations to its dark web leak portal and claimed responsibility for multiple high-profile victims, including Nissan (Oceania and Australia), Hitachi, and Stanford University.
The FBI says the Akira ransomware gang has collected over $42 million in ransom payments as of April 2024 from more than 250 victims.
As Arctic Wolf Labs observed, multiple ransomware intrusions involved unauthorized access through SonicWall SSL VPN connections, starting on July 15. However, while a zero-day vulnerability being exploited in these attacks is very likely, Arctic Wolf has not ruled out credential-based attacks.
