ARTICLE
14 August 2025

Ransomware Attacks Target SonicWall Firewall Vulnerability

SH
Shook, Hardy & Bacon

Contributor

Shook, Hardy & Bacon logo

Shook, Hardy & Bacon has long been recognized as one of the premier litigation firms in the country. For more than a century, the firm has defended companies in their most substantial national and international products liability, mass tort and complex litigation matters.

The firm has leveraged its complex product liability litigation expertise to expand into several other practice areas and advance its mission of “being the best in the world at providing creative and practical solutions at unsurpassed value.” As a result, the firm has built nationally recognized practices in areas such as intellectual property, environmental and toxic tort, employment litigation, commercial litigation, government enforcement and compliance, and public policy.

Explore Firm Details
Over the past week, a large number of attacks by the ransomware group Akira have been reported, where the initial attack vector seems to be SonicWall firewalls...
United States Technology
Colman McCarthy,Camila Tobón,Josh Hansen
+4 Authors
Colman McCarthy’s articles from Shook, Hardy & Bacon are most popular:
  • within Technology topic(s)
  • in United States
  • with readers working within the Advertising & Public Relations, Banking & Credit and Technology industries
Shook, Hardy & Bacon are most popular:
  • within Technology, Criminal Law and Environment topic(s)

Over the past week, a large number of attacks by the ransomware group Akira have been reported, where the initial attack vector seems to be SonicWall firewalls (Gen 7 and newer) with SSLVPN enabled. Yesterday, SonicWall issued updated guidance on the activity. The guidance states that SonicWall believes this activity is not connected to a zero-day vulnerability, but is rather associated with a previously reported vulnerability, CVE-2024-40766, addressed in SonicWall's public advisory SNWLID-2024-0015.

The guidance goes on to "strongly urge" SonicWall customers to employ the following measures:

  • Update firmware to version 7.3.0, which includes enhanced protections against brute force attacks and additional multi-factor authentication (MFA) controls. SonicWall has provided a firmware update guide.
  • Reset all local user account passwords for any accounts with SSLVPN access, especially if they were carried over during migration from Gen 6 to Gen 7.
  • Continue applying the previously recommended best practices:

Previously, on August 4, SonicWall had recommended the following:

  • Disable SSLVPN services where practical.
  • Limit SSLVPN connectivity to trusted source IPs.
  • Enable security services.
    • Activate services such as Botnet Protection and Geo-IP Filtering.
    • These help detect and block known threat actors targeting SSLVPN endpoints.
  • Enforce MFA.
    • Enable MFA for all remote access to reduce the risk of credential abuse.
  • Remove unused accounts.
    • Delete any inactive or unused local user accounts on the firewall
    • Pay special attention to those with SSLVPN access.
  • Practice good password hygiene.
    • Encourage regular password updates across all user accounts.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Colman McCarthy
Colman McCarthy
Photo of Camila Tobón
Camila Tobón
Photo of Jonathan L. Wilson
Jonathan L. Wilson
Photo of Josh Hansen
Josh Hansen
Photo of Lindsey Knapton
Lindsey Knapton
Photo of Brandon M. Large
Brandon M. Large
Photo of Emily Pedersen
Emily Pedersen
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More