Search Results: AkiraRansomware

SonicWall Dispels Zero-Day Fears, Ties Ransomware Surge to Unpatched 2024 SSLVPN Flaw

SonicWall's investigation reveals recent Akira ransomware attacks exploit an older SSLVPN vulnerability (CVE-2024-40766) rather than a new zero-day. The breach vector stems from customers failing to reset local passwords during Gen 6 to Gen 7 firewall migrations. Despite the vendor's assurances, administrators report contradictory evidence, fueling industry skepticism.

Akira Ransomware Hijacks Intel CPU Tool to Disable Microsoft Defender in BYOVD Attacks

The Akira ransomware group is exploiting a legitimate Intel CPU tuning driver (rwdrv.sys) to disable Microsoft Defender in a sophisticated Bring Your Own Vulnerable Driver (BYOVD) attack. Security researchers observed this evasion tactic paired with SonicWall VPN targeting and trojanized software installers, underscoring critical supply chain risks.

SonicWall Firewalls Under Siege: Akira Ransomware Exploits Suspected Zero-Day

SonicWall firewall devices are facing an escalating wave of Akira ransomware attacks, potentially leveraging an unpatched vulnerability in SSL VPN services. With threat actors rapidly encrypting networks after initial access and over $42 million in confirmed ransom payments, Arctic Wolf warns administrators to disable vulnerable services immediately.