Akira ransomware crims abusing trifecta of SonicWall security holes for extortion attacks


Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day flaw actually turned out to be related to a year-old bug.

Akira is also poking holes in SonicWall SSLVPN misconfigurations, abusing all of these security risks to gain access to vulnerable devices and conduct ransomware attacks, according to a Rapid7 warning on Wednesday.

"The number of Rapid7 customers utilizing SonicWall appliances is in the hundreds, and we've already responded to a double-digit number of customer incidents stemming from one or more of the three threats we've outlined in today's advisory," the Rapid7 incident response team told The Register. "Therefore, we think there is a potential for widespread industry impact here."

The attacks are tied to CVE-2024-40766, a 9.8 CVSS-rated improper access control flaw originally disclosed in August 2024. Both Akira and Fog ransomware criminals used this ...


Copyright of this story solely belongs to theregister.co.uk.