SonicWall has urged organizations using its Gen 7 firewalls to disable SSL VPN services amid ransomware intrusions, underway since mid-July, that potentially involve a SonicWall zero-day, reports BleepingComputer.
The Akira ransomware attacks aimed at vulnerable SonicWall firewalls, disclosed by Arctic Wolf and subsequently confirmed by Huntress researchers, should also prompt organizations to restrict SSL VPN connectivity to trusted IP addresses only, enable Botnet Protection, Geo-IP Filtering, and other security services, bolster remote access with multi-factor authentication, and remove accounts that are no longer in use, SonicWall said in an advisory. An investigation into whether the attacks against SonicWall VPNs involved an old flaw or a new security issue is ongoing. The development comes weeks after SonicWall called for the immediate remediation of vulnerable SMA 100 appliances affected by a critical remote code execution bug tracked as CVE-2025-40599. Active exploitation of the SonicWall SMA 100 flaw has not been observed so far.




