Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Since early August, there has been a significant increase in Fog and Akira ransomware intrusions targeting SonicWall SSL VPN users across various industries. The attacks appear opportunistic rather than targeting specific sectors. All affected devices lacked patches for CVE-2024-40766. Initial access involved VPN logins from VPS hosting IPs, with rapid progression to data encryption and exfiltration, often within hours. Shared infrastructure was observed across multiple intrusions. Defenders are advised to prioritize firmware updates, monitor for suspicious VPN logins, maintain secure offsite backups, and watch for post-compromise activities on endpoints.
OPENCTI LABELS :
vpn,ransomware,data exfiltration,initial access,fog,akira,cve-2024-40766,sonicwall
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN