SonicWall, a leading name in enterprise security, has issued an urgent recommendation for its customers to disable the SSLVPN feature on its latest firewall models. This advisory comes in response to increasing reports of ransomware attacks specifically targeting users of SonicWall's Generation 7 firewalls. The company highlighted a significant rise in security incidents associated with these devices when VPN access is enabled. In a recent statement, SonicWall confirmed that it is actively investigating these cases to determine whether they are linked to a previously known vulnerability or if a new, unreported flaw might be at play.
The warning arrives as cybersecurity experts report that hackers are increasingly exploiting SonicWall devices to gain initial access to compromised networks. These devices, which are designed to act as digital gatekeepers for legitimate users, can become entry points for malicious actors if security vulnerabilities are present.
Research from Arctic Wolf indicates that intrusions targeting SonicWall customers have been occurring since mid-July. The firm noted that evidence suggests the presence of a zero-day vulnerability, a flaw that has been exploited before it could be patched by the vendor. The timeline of attacks reveals a concerning correlation between the exploitation of the firewall and the deployment of ransomware, which locks users out of their data.
Huntress Labs echoed these concerns, suggesting that a zero-day vulnerability in SonicWall firewalls is likely responsible for the recent attacks. They warned that the hackers exploiting this flaw have been able to access critical network components, such as domain controllers, which oversee devices and user access within a network. Furthermore, Huntress has pointed to the Akira ransomware group as a potential perpetrator of these attacks, noting their history of targeting enterprise-level security products to infiltrate large networks.
This situation represents a severe and ongoing threat, and SonicWall's advisory underscores the importance of immediate action to safeguard network security.