ERP Strategy & Tech Insights Blog | Clients First

Is Your Security at Risk? The Continuing Saga of SonicWall Firewalls

Written by Clients First | Oct 31, 2025 6:59:59 PM

Overview of the Threat

 

Many organizations may be facing significant security risks without being aware of them. Since 2024, SonicWall firewalls have had a known vulnerability. Communication from SonicWall to its end customers about this issue has been minimal.

 

Although a patch was released, a ransomware group called Akira began a major campaign targeting SonicWall SSL VPN devices in late July 2025. Small businesses have been the primary targets, with ransom demands ranging from $50,000 to $250,000 per company. 

 

The FBI has reported that, as of April 2024, Akira had already collected over $42 million in ransom payments from more than 250 victims.

 

Recent Incidents and Forensics

 

Over the past 12 weeks, our team has received an average of two to three calls each week from companies that have been hacked and are seeking assistance. Our forensic analysis consistently traces these incidents back to the known vulnerabilities in SonicWall firewalls.

 

Attack Methodology

 

Akira affiliates initially gain access to the network through the SSLVPN component of SonicWall firewalls. Once inside, they escalate their privileges to an elevated or service account, search for and extract sensitive files from network shares or file servers, and proceed to delete and stop any active backups.

 

The final stage involves deploying ransomware. In some cases, the attackers spend only a few hours reviewing your files before locking up your computer systems, a process referred to as "bricking", so the whole attack can unfold in hours rather than days.

 

Affected Systems and Recommendations

 

If your organization is using a SonicWall firewall from Generation (or Series) 4 or 5, these devices are now classified as “End-of-Life” and must be replaced. For Generation (or Series) 6 devices, replacement is also recommended rather than continuing to pay for annual support just to receive the necessary patches. If you are using a Generation 7 device, you can download and apply the appropriate security patch.

 

For organizations using SonicWall Series 7 firewalls, it is essential to rotate passwords on all SonicWall local accounts, remove any unused accounts, and implement MFA/TOTP policies for SonicWall SSLVPN services. Additionally, administrators should update to the latest firmware and reset credentials on any device that previously operated with a vulnerable version.
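
One way to turn the account recommendations above into a repeatable check, as an added example that is not from Clients First or SonicWall: it audits an exported list of local accounts against the date the firmware was patched. The CSV columns, sample accounts, dates and the 90-day idle threshold are constructed assumptions, not a SonicWall export format.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample inventory; the column names are assumptions,
# not a real SonicWall export format.
SAMPLE_ACCOUNTS = """\
name,password_changed,last_login,sslvpn,mfa
admin,2025-03-02,2025-10-28,no,no
jsmith,2025-09-15,2025-10-30,yes,yes
vendor-support,2024-11-20,,yes,no
backup-svc,2025-08-01,2025-10-29,yes,no
"""


def audit_accounts(csv_text, patched_on, today, unused_after_days=90):
    """Return {account: [actions]} for every account that needs work."""
    findings = {}
    cutoff = today - timedelta(days=unused_after_days)
    for row in csv.DictReader(io.StringIO(csv_text)):
        actions = []
        last_login = row["last_login"].strip()
        # Never logged in, or idle past the cutoff: treat as unused.
        if not last_login or date.fromisoformat(last_login) < cutoff:
            actions.append("remove unused account")
        else:
            # A password set while the device still ran vulnerable firmware
            # may have been exposed, so the rotation must postdate the patch.
            if date.fromisoformat(row["password_changed"]) <= patched_on:
                actions.append("rotate password")
            if row["sslvpn"] == "yes" and row["mfa"] != "yes":
                actions.append("enforce MFA/TOTP")
        if actions:
            findings[row["name"]] = actions
    return findings


if __name__ == "__main__":
    # Constructed dates: firmware patched 2025-08-10, audit run 2025-10-31.
    report = audit_accounts(SAMPLE_ACCOUNTS, date(2025, 8, 10), date(2025, 10, 31))
    for name, actions in report.items():
        print(f"{name}: {', '.join(actions)}")
```

An account whose password was rotated before the firmware update is still flagged, because that credential existed on the device while it ran the vulnerable version.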

 

If your organization is not using a SonicWall Series 7 firewall and you have security concerns or wish to discuss available options, our team is available to assist. We are proud to be a partner and member of Print United.

 

Complimentary Cyber Security Review

 

We offer a complimentary cybersecurity review of your network, devices, and email systems. The review results in a list of recommendations designed to protect your organization and ensure your ability to properly back up and restore data in case of any unforeseen event. You may choose to work with a local partner or our team.

 

If you have questions or would like to schedule a review, please reach out to us at: cybersecurity@clientsfirst-us.com