Fog and Akira Ransomware Target SonicWall VPNs to Infiltrate Corporate Networks
The Fog and Akira ransomware groups are actively exploiting a critical vulnerability (CVE-2024-40766) in SonicWall VPNs to gain entry into corporate networks. Although SonicWall issued a fix in August 2024, Arctic Wolf has since reported that Akira and Fog ransomware affiliates have used this flaw in at least 30 attacks. Roughly 75% of the breaches were attributed to Akira, with the remainder linked to Fog, highlighting ongoing collaboration between the groups. Researchers found that most targeted organizations had vulnerable, unpatched SonicWall VPN endpoints, often lacking multi-factor authentication. Attackers quickly escalated to data encryption, often within hours, focusing on virtual machines and backups. Data theft mainly involved recent documents, leaving older files untouched. Recently, researcher Yutaka Sejiyama estimated 168,000 SonicWall endpoints are still exposed, with indications that other ransomware groups, like Black Basta, may also be using this flaw to launch attacks.