Many organizations may be facing significant security risks without being aware of them. SonicWall firewalls have had a known vulnerability since 2024. Communication from SonicWall to its end customers about this issue has been minimal.
Although a patch was released, a ransomware group called Akira began a major campaign targeting SonicWall SSL VPN devices in late July 2025. Small businesses have been the primary targets, with ransom demands ranging from $50,000 to $250,000 per company.
The FBI has reported that, as of April 2024, Akira had already collected over $42 million in ransom payments from more than 250 victims.
Over the past 12 weeks, our team has received an average of two to three calls each week from companies that have been hacked and are seeking assistance. Our forensic analysis consistently traces these incidents back to the known vulnerabilities in SonicWall firewalls.
The affiliates of the Akira group initially gain access to the network through the SSLVPN component of SonicWall firewalls. Once inside, they escalate their privileges to an elevated or service account, search for and extract sensitive files from network shares or file servers, and then delete and stop any active backups.
The final stage is deploying ransomware. In some cases, the attackers spend only a few hours reviewing your files before locking up your computer systems, a process referred to as "bricking", so the whole intrusion can play out in hours rather than days.
If your organization is using a SonicWall firewall from Generation (or Series) 4 or 5, these devices are now classified as “End-of-Life” and must be replaced. For Generation (or Series) 6 devices, replacement is also recommended rather than continuing to pay for annual support just to receive the necessary patches. If you are using a Generation 7 device, you can download and apply the appropriate security patch.
For organizations using SonicWall Series 7 firewalls, it is essential to rotate passwords on all SonicWall local accounts, remove any unused accounts, and implement MFA/TOTP policies for SonicWall SSLVPN services. Additionally, administrators should update to the latest firmware and reset credentials on any device that previously operated with a vulnerable version.
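One way to check the steps above against a local-account inventory, as an added example that is not SonicWall's or the author's code. The CSV columns, account names and dates are constructed for illustration (not a SonicWall export format), and the date the device received fixed firmware is assumed to be known.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample inventory; column names are assumptions, not a SonicWall export format.
SAMPLE_CSV = """account,password_set,last_login,totp_enabled,sslvpn_access
admin,2025-08-20,2025-09-01,yes,no
jsmith,2025-03-02,2025-08-30,yes,yes
backup_svc,2025-08-21,2025-08-29,no,yes
old_vendor,2024-01-15,2024-02-01,no,yes
mlee,2025-08-22,,yes,yes
"""

def parse_date(text):
    """Return a datetime for YYYY-MM-DD, or None for an empty field (never logged in)."""
    return datetime.strptime(text, "%Y-%m-%d") if text.strip() else None

def audit_accounts(csv_text, patched_on, as_of, stale_days=90):
    """Map each local account to the remediation steps it still fails.

    patched_on: date the device was upgraded to fixed firmware (assumed known).
    A password set before that date existed while the device ran a vulnerable
    version, so it counts as not yet rotated.
    """
    findings = {}
    stale_cutoff = as_of - timedelta(days=stale_days)
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        pw_set = parse_date(row["password_set"])
        last_login = parse_date(row["last_login"])
        if pw_set is None or pw_set < patched_on:
            issues.append("rotate-password")
        if last_login is None or last_login < stale_cutoff:
            issues.append("remove-unused")
        if row["sslvpn_access"] == "yes" and row["totp_enabled"] != "yes":
            issues.append("enforce-totp")
        if issues:
            findings[row["account"]] = issues
    return findings

if __name__ == "__main__":
    report = audit_accounts(SAMPLE_CSV, datetime(2025, 8, 15), datetime(2025, 9, 5))
    for account, issues in sorted(report.items()):
        print(f"{account}: {', '.join(issues)}")
```

The comparison against the firmware date is the part that is easy to miss: a password changed before the upgrade was still in use on a vulnerable device and needs to be reset again.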
If your organization is not using a SonicWall Series 7 firewall and you have security concerns or wish to discuss available options, our team is available to assist. We are proud to be a partner and member of Print United.
Recent SonicWall vulnerabilities typically involve unauthorized access, remote code execution, or VPN exploitation.
Firewall vulnerabilities can create direct entry points into your network.
For many SMBs, the firewall is the first line of defense—if it fails, everything behind it is exposed.
Risk is usually tied to configuration, patching, and monitoring practices.
In real-world environments, most risks come from delayed updates or misconfiguration.
Immediate action is critical to reduce exposure.
Yes—but only when properly maintained.
The issue is rarely the platform itself—it’s how consistently it’s maintained.
In most deployments, security gaps come from process issues rather than technology limitations.
Firewall security should be an ongoing process.
Organizations that treat security as continuous—not periodic—reduce risk significantly.
Yes. SMBs are often targeted because they are easier to exploit.
Strong firewall security is no longer optional—it is foundational.
Firewall vulnerabilities are rarely just a firewall problem. They often expose broader gaps in patching, remote access, email security, backups, and recovery readiness.
That is why a practical cybersecurity review should look beyond a single device.
It should assess how your network, endpoints, and email systems work together, where risk is concentrated, and what steps will most effectively reduce exposure.
At Clients First, our complimentary cybersecurity review is designed to help you do exactly that.
We evaluate your environment and provide clear, prioritized recommendations to strengthen protection, improve resilience, and support your ability to back up and restore data in the event of an unexpected incident.
Whether you choose to work with your local IT partner or with our team, the goal is the same: give you a clearer view of your current risk and the next steps to improve security.
If you want to understand where your environment may be vulnerable, contact our team to schedule a complimentary cybersecurity review.