In this case, not only did the patch have to be installed, but the admin user password had to be changed immediately afterward, he said.
According to researchers at Veeam, “[Akira ransomware] has cemented its reputation as one of the most relentless and disruptive cyber threats affecting organizations today. Akira has held the number one spot for six straight quarters in Coveware by Veeam’s case data, and in 2024, it was responsible for 14% of all ransomware incidents.” Typically, the report added, gang members gain entry to an IT network, using stolen credentials, through exposed remote access services like VPNs and Windows RDP. After that, they copy data for use in extortion, and then go after VMware ESXi servers to encrypt data.
Robert Beggs, who heads the Canadian incident response firm Digital Defence, believes the Akira ransomware gang has developed an automated system for detecting and exploiting unpatched SonicWall firewalls.
