The Download
Ransomware operators from both the Akira and Fog groups are exploiting a vulnerability in SonicWall VPN tracked as CVE-2024-40766. Security company Arctic Wolf warned of at least 30 known intrusions through the VPN flaw by the two ransomware operators. This attack method allows ransomware actors to infiltrate corporate systems through vulnerable VPN configurations, encrypt critical files, and demand ransom payments, often within just a few hours (1.5 to 10 hours in many cases). Over 75% of the attacks are attributed to the Akira ransomware group and the rest to Fog.
What You Can Do
To defend against this threat, IT administrators should immediately apply the latest security patches and firmware updates to all SonicWall VPN devices. They should also enforce multi-factor authentication (MFA) for VPN access, limit VPN connections to necessary personnel only, and regularly audit VPN configurations to ensure compliance with security best practices.
ThreatMate will continuously monitor attack surfaces for vulnerabilities and will run automated pen tests against firewalls and VPNs. Sign up today for your trial of ThreatMate.
To Learn More: