Hackers Bypass SonicWall Security to Deploy Akira Ransomware in Lightning-Fast Attacks

Cybercriminals exploit SonicWall firewalls to deploy Akira ransomware in 55 minutes, targeting organizations since July 2025.

By Content Team

Sep 28, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybercriminals are exploiting SonicWall firewalls to deploy Akira ransomware, moving from initial breach to full encryption in as little as 55 minutes. Arctic Wolf Labs detected this ongoing campaign that began in late July 2025, targeting organizations across multiple sectors.

The attackers gain access through stolen SSL VPN credentials linked to CVE-2024-40766, a vulnerability from 2024. Even devices with multi-factor authentication and current patches are being compromised because hackers are using previously harvested credentials.

Once inside, attackers quickly scan networks, create admin accounts, disable security software, steal data, and deploy ransomware. Arctic Wolf urges organizations to immediately reset all SSL VPN credentials and monitor for suspicious logins from hosting providers.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

AI Recruiting Firm Mercor Hit by Major Supply Chain Attack

Apr 2, 2026

Hackers Exploit React2Shell Flaw to Steal Credentials from 766+ Systems Worldwide

Apr 7, 2026

Iranian Hackers Target US Medical Giant in Cyber Retaliation

Mar 16, 2026

Russian Hackers Target UK Internet Routers for Espionage Operations

Apr 9, 2026