Enterprise cybersecurity firm SonicWall has issued a high-priority warning urging customers to disable VPN functionality on its Generation 7 firewalls following a wave of ransomware attacks.
The alert comes after security researchers reported a noticeable uptick in cyber incidents specifically targeting SonicWall devices with VPN enabled. The company confirmed it’s actively investigating whether these breaches stem from a previously disclosed vulnerability or a potential new zero-day flaw.
SonicWall’s firewalls serve as vital entry points for legitimate remote access to enterprise networks. But cybercriminals have been increasingly exploiting weaknesses in these systems to launch ransomware attacks that lock files and disrupt operations.
Cybersecurity firm Arctic Wolf traced the recent intrusions back to mid-July, warning that the attacks appear to leverage a zero-day vulnerability, a software flaw unknown to the vendor at the time of exploitation. According to Arctic Wolf, attackers gained access through the firewall and quickly deployed file-encrypting malware.
Another firm, Huntress Labs, confirmed these findings, stating the attackers have gained access to domain controllers, systems that manage user authentication and devices across networks. Huntress attributes some of the breaches to the Akira ransomware gang, a group previously linked to attacks exploiting vulnerabilities in Fortinet firewalls.
“The threat is both critical and ongoing,” the Huntress team emphasized in a recent blog post.
While SonicWall investigates the root cause, customers are advised to immediately disable VPN access on affected devices as a precautionary measure to prevent further compromises.