SonicWall VPN

2025: Hardware outages due to critical holes through which hackers spread ransomware viruses

In early August 2025, SonicWall announced a notification of increased cyber incidents related to 7th generation SonicWall firewalls with SSL VPN support. Users of such devices are advised to disable them due to the risk of introducing a ransomware virus.

The attacks were reported at once by several organizations specializing in issues information security (information security), in particular, Arctic Wolf, Google Mandiant and Huntress. Attackers use malware Akira with features. enciphering Arctic Wolf officials said SonicWall devices with all updates installed are susceptible to attacks, indicating that hackers can exploit the zero-day vulnerability.

𝓲

Фото: Freepik

We are investigating these incidents to determine if they are related to a previously discovered vulnerability or if a new flaw may be the cause, SonicWall said in a notice.

Attacks on SonicWall devices using Akira have been recorded since approximately mid-July 2025. In some cases, attackers manage to gain control even over those systems that use multifactor authentication. Experts strongly recommend that all owners of 7th generation SonicWall firewalls disable SSL VPN services, as well as delete unused accounts.

This is not an isolated case. The speed and success of these attacks, even in environments with multifactor authentication enabled, indicate that cybercriminals are exploiting a previously unknown vulnerability, Huntress notes.

SonicWall has involved third-party information security experts in the investigation of the incidents. If the zero-day vulnerability is confirmed, the necessary software fix will be released.^[1]

Notes