A surge in Akira ransomware attacks targeting SonicWall SSL VPN connections has been observed since mid-July 2025, primarily exploiting unpatched versions of SonicOS. Attackers gain unauthorized access, often bypassing Multi-Factor Authentication (MFA), and can quickly escalate to data encryption and exfiltration within hours. SonicWall has issued patches for a critical zero-day vulnerability, but many devices remain vulnerable as of 2025.

Ongoing Akira ransomware attacks are successfully breaching SonicWall SSL VPN accounts even with one-time password (OTP) multi-factor authentication enabled. This exploitation is linked to previously stolen OTP seeds and an improper access control vulnerability (CVE-2024-40766), prompting SonicWall to recommend that administrators reset VPN credentials and ensure devices are running the latest firmware.

Hitachi Vantara took its servers offline to contain an Akira ransomware attack that disrupted some of its systems and affected multiple government projects. The company is working with cybersecurity experts to investigate the incident and restore services while confirming that its cloud services remain unaffected. The Akira ransomware operation, which has targeted numerous organizations globally, was identified as the source of the breach.