SonicWall Probes Potential Zero-Day After Ransomware Hits

Akira Ransomware Exploited MFA-Protected SonicWall SSL VPNs, Say Researchers Mathew J. Schwartz (euroinfosec) • August 5, 2025

Ransomware-wielding attackers are actively exploiting multiple types of SonicWall devices, potentially by exploiting a zero-day vulnerability.

See Also: On Demand | Ransomware in 2025: Evolving Threats, Exploited Vulnerabilities, and a Unified Defense Strategy

"SonicWall is actively investigating a recent increase in reported cyber incidents involving a number of Gen 7 firewalls running various firmware versions with SSL VPN enabled," a spokesperson for the Milpitas, California-based vendor told Information Security Media Group.

A security alert published Monday came on the heels of multiple cybersecurity firms seeing a surge in attacks against Gen 7 firewalls, which appear to succeed even if multifactor authentication defenses are enabled. At least some of these attacks resulted in victims being infected with Akira ransomware.

The SonicWall spokesperson said the company is working with outside cybersecurity firms. "If ...