Akira Ransomware Hits SonicWall VPNs, Deploys Drivers to Bypass Security

GuidePoint Security uncovers a new Akira ransomware tactic targeting SonicWall VPNs. The group’s use of drivers to disable defenses is a significant threat to businesses.

A new report by cybersecurity firm GuidePoint Security reveals a clever new method used by the Akira ransomware group to attack computer networks. Researchers found that following initial access into systems, the hackers have been using two specific software drivers to secretly disable security tools, a key step before deploying their ransomware.

The discovery by GuidePoint Security, shared with Hackread.com, is considered a high-priority finding because it has been observed repeatedly in recent attacks by Akira, which has been exploiting security flaws in SonicWall VPNs since late July. This new insight gives companies a better chance to find and stop these attacks before they can cause major damage. The hacking group’s activity has been traced back to at least July 15, 2025 ...