Global cyber risk consultancy S-RM has reported a sharp increase in ransomware incidents exploiting SonicWall firewall devices with SSL VPN enabled. The activity, tied to the Akira ransomware strain, is impacting organisations worldwide and has knock-on effects for everyday users.
The warning comes amid heightened national debate around the UK Government’s Online Safety Act and the security implications of VPN usage. S-RM says the latest attacks are a timely reminder that while VPNs can be essential security tools, poorly configured or incompletely patched VPN infrastructure can be a gateway for cybercriminals.
S-RM’s investigation
Key points from S-RM’s investigation include:
- The Akira ransomware group is exploiting incomplete remediation of earlier software vulnerabilities to gain initial access, even on devices that have been patched
- Post-compromise tactics include privilege escalation on SQL servers, creation of local accounts, network reconnaissance, data exfiltration, and ransomware deployment
- Files encrypted by Akira carry the extensions ‘.arika’ or ‘.akira’
Enterprise infrastructure breaches
Ted Cowell, Head of Cyber Security UK at S-RM, comments: “These cases show that patching alone is not a silver bullet. If you don’t reset credentials, enforce MFA across the board, and actively hunt for suspicious activity, you could already be compromised.”
“While the attacks are aimed at enterprise infrastructure, the fallout doesn’t stop there. Breaches can cause service outages, lock people out of online banking, delay healthcare appointments, or disrupt remote work. The message is simple: whether you’re a business or an individual, VPN security matters – and the Online Safety Act debate should remind us that how we configure and maintain these tools is just as important as whether we use them.”
S-RM urges all organisations using SonicWall SSL VPNs to:
- Update firmware to the latest version
- Reset all user and service account passwords
- Enforce MFA for all accounts
- Remove unused accounts
- Conduct immediate threat hunting for signs of compromise