Akira ransomware gang targets SonicWall flaw in Australia and New Zealand

Experts sound alarm on fast-moving cyber campaign

Insurance News

By Jonalyn Cueto

Cybersecurity firms have identified a sharp increase in ransomware attacks across Australia and New Zealand, with the financially motivated Akira threat group exploiting a vulnerability in SonicWall SSL-VPN systems to target businesses of all sizes.

 

The campaign has prompted urgent warnings from incident response firm Atmos, digital forensics company CyberCX, and Lockton Australia’s Cyber Practice, who have observed multiple ransomware events in recent weeks. The attacks specifically target SonicWall Gen 7 firewalls through CVE-2024-40766, a vulnerability that SonicWall says it has “high confidence” correlates with the current activity.

 

Akira operates as a ransomware-as-a-service franchise, with affiliates conducting initial network breaches before deploying encryption tools and stealing sensitive data to force victim payments. Since emerging in 2023, the group has attacked more than 250 organisations globally and collected approximately US$42 million in ransoms, according to FBI and CISA reports.

“Akira tends to move fast from access to encryption and is well known for stealing data from systems,” the security briefing states. “In recent cases, we have seen this occur in under 10 hours.”

Atmos Intelligence has identified at least 800 victims listed on Akira’s data leak site, demonstrating the group’s extensive reach and aggressive tactics.

SonicWall updated its security guidance on Aug. 22, urging organisations to immediately upgrade to SonicOS 7.3.0 and implement strengthened multi-factor authentication controls. Additional recommended measures include resetting all local user passwords with SSL-VPN access, rotating LDAP credentials, enforcing MFA for remote access, and implementing IP restrictions.

The security firms warned that organisations should prepare for rapid containment responses, as Akira maintains short dwell times between initial access and data extortion. Companies are advised to ensure endpoint detection and response systems are deployed, log retention is adequate, and backup integrity is verified.

“Speed matters: several cases show short dwell time between access and extortion,” the briefing said, emphasising the need for immediate action rather than delayed responses.

Organisations using SonicWall SSL-VPN systems are urged to consult with IT teams or external security advisors to confirm protective measures have been implemented. The security community is monitoring capacity constraints as incident volumes increase across the region.
