BlueVoyant on the Recent SonicWall Ransomware Attacks

Security experts worldwide have heeded the call and rapidly responded to the reported Akira ransomware attacks against companies leveraging SonicWall VPN devices. This active threat requires immediate attention by creating new detections to enable immediate containment and remediation.

We are witnessing a step-by-step playbook deployed by attackers: after infiltrating a network, they burrow in deep, establish persistent command and control, and then systematically dismantle security defences. The ransomware strike is their finishing move – unleashing the Akira ransomware to encrypt and disrupt entire networks. The fallout of this type of attack can be business-ending, or at the very least involve data exfiltration, business interruption, or reputational damage.

This is no time for hesitation. SonicWall’s guidance is clear and non-negotiable: disable SSL VPN services wherever possible, enforce multi-factor authentication (MFA), prune out unused or dormant accounts, and enforce strong password policies. While MFA may not be a complete silver bullet, it adds a crucial speed bump to slow attackers down and still protects organisations from MOST incidents. Protecting your perimeter is vital – the cost of inaction is astronomical.

Organisations should also look beyond the walls of their infrastructure, as often supply chain vulnerabilities are the weakest links. It is important to reach out to third-party providers using SonicWall VPNs and press for immediate remediation to minimise the ripple effects of this surge. Awareness, collaboration, and hardened defences are the names of the game.

Now is the time to turn insights into action through harnessing advanced detection capabilities to counteract these attacks. The Akira ransomware gangs may be relentless, but so are we. Together, we have the tools, expertise, and persistence to overcome this evolving threat.