
"Researchers at Arctic Wolf are sounding the alarm about a ransomware campaign that has been ongoing since July 2025 and is still claiming victims. What started as a series of breaches via SonicWall firewalls has now grown into one of the fastest and most dangerous attacks currently in circulation. New research shows that even devices with the latest firmware remain vulnerable."
"The criminals behind Akira ransomware work with unprecedented speed. Whereas ransomware attacks normally require days or weeks of preparation, the attackers in this campaign often deploy their ransomware within an hour. This makes this threat particularly dangerous for organizations that do not monitor closely. The attacks begin with login attempts via SonicWall SSL VPNs. Shortly after successful access, scans of the internal network and attempts to penetrate further via Windows environments follow."
An Akira ransomware campaign has been active since July 2025 and continues to affect organizations. The campaign began with breaches of SonicWall firewalls and exploits CVE-2024-40766; the attackers are able to use previously stolen passwords and OTP seeds. They often gain access via SonicWall SSL VPN, then scan internal networks and move laterally within minutes. Ransomware deployment frequently occurs within an hour, and file encryption happens at record speed. The attackers target backup systems, including Veeam Backup & Replication, and extract stored passwords via PowerShell scripts. Reuse of stolen OTP seeds undermines MFA, leaving even fully updated devices at risk.
Read at Techzine Global