When you think about protecting your business, the last thing you expect is for your own security tools to become the weak point that opens the door to ransomware. Yet that’s exactly what’s happening. The recent wave of attacks by the Akira group made this painfully clear: a poorly managed solution can be just as dangerous as having no protection at all.
And if you work in technology, security, or lead any business area, this should concern you. Because it doesn’t just expose technical flaws—it also reveals organizational weaknesses affecting both large enterprises and SMEs.
It’s not the technology that fails. It’s how you manage it.
The trigger for this Akira campaign was CVE-2024-40766, a serious access control vulnerability in SonicWall’s SSL VPN system. It allowed attackers to connect as if they were legitimate users.
Although SonicWall released a patch in August 2024, many organizations failed to apply it in time. That created the perfect scenario: exposed systems, poor configurations, weak passwords, and lack of monitoring.
In short: the door was left open, and Akira walked right in.
Since mid-2025, unauthorized access via these VPNs has exploded. In some cases, only minutes passed between intrusion and ransomware deployment. The attack chain was that fast.
If you think multi-factor authentication (MFA) keeps you safe, this case may change your mind.
Akira managed to compromise accounts protected with MFA. How? By stealing the seeds used to generate OTP codes.
That means attackers could generate valid codes and log in unnoticed.
This highlights an uncomfortable truth: MFA is not foolproof if your configurations, tokens, or devices are outdated, poorly managed, or unprotected. In cybersecurity, no mechanism works in isolation—it all depends on the ecosystem around it.
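An added illustration, not taken from the original article or from SonicWall: a standard RFC 6238 TOTP check, showing why a copied seed keeps producing accepted codes until the account is re-enrolled with a new seed. The seeds, function names, and timestamp are constructed for this example.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (the RFC 6238 default)

def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on seed and clock."""
    counter = unix_time // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(enrolled_seed: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check: accept the current step and +/- `window` steps of drift."""
    return any(
        hmac.compare_digest(
            totp(enrolled_seed, unix_time + drift * STEP, len(submitted)), submitted
        )
        for drift in range(-window, window + 1)
    )

def rotation_demo(now: int = 1_700_000_000) -> dict:
    """Constructed scenario: a copy of the enrolled seed exists off the user's device."""
    old_seed = b"12345678901234567890"       # constructed sample seed (RFC test value)
    new_seed = b"constructed-new-seed-01"    # constructed seed issued at re-enrollment
    code_from_copy = totp(old_seed, now)     # any holder of the seed computes the same code
    return {
        # The server still trusts the old seed, so the code is accepted.
        "accepted_before_reenrollment": verify(old_seed, code_from_copy, now),
        # After re-enrollment the server checks against the new seed only.
        "accepted_after_reenrollment": verify(new_seed, code_from_copy, now),
    }

if __name__ == "__main__":
    print(rotation_demo())
```

The verifier has no way to tell which holder of the seed produced a code, so OTP seeds on an appliance that was exposed need to be re-enrolled, not just left in place after patching.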
One of the most overlooked but dangerous issues in these attacks lies in mergers and acquisitions. When a company acquires another or merges infrastructure, rarely does it fully audit the inherited systems.
And that’s a recipe for disaster.
Many recent incidents happened in environments where:
Akira exploited this perfectly: an environment with no visibility, no updates, and no control.
When you plug in unvetted legacy infrastructure, you're connecting weaknesses straight to your core systems.
This campaign delivers a clear lesson: security doesn’t depend on your firewall’s brand—it depends on how you manage your environment.
If your organization doesn’t update, audit, monitor, or manage access properly, you’re vulnerable—no matter how premium your tools are.
At the bare minimum, your team should:
If your company isn’t doing this, it’s silently accumulating risk.
Akira emerged in March 2023 as a Ransomware-as-a-Service (RaaS) operation. Since then, it has rapidly grown and is now one of the most active and effective global threats.
Its operators, presumably Russian-speaking, show technical links to the now-defunct Conti group—though Akira is not considered a direct successor.
Their model is double extortion:
Their dark web leak site features retro design, victim-specific pages, and negotiation panels—used to publicly pressure organizations by leaking data samples.
Over 350 organizations across sectors like:
In Mexico, confirmed victims include: Recycla, Adrenalina, Corp BJR, Peñoles, Alpura, and AARCO.
Though sophisticated, Akira often uses simple but devastating entry points:
Once inside, they use legitimate tools to move laterally, disable backups, and encrypt Windows, Linux, and ESXi systems, making detection harder.
The key lesson is simple: Security tools don’t protect you if you don’t manage them well.
And if you integrate infrastructure without vetting it, you’re inviting ransomware in.
To avoid becoming the next headline:
No organization is off the radar.
Akira is showing that even “minor” oversights can lead to multi-million dollar incidents.
The SonicWall–Akira case reminds us of something critical: cybersecurity can’t be bought—it must be managed.
You can have the best tools on the market, but if you don’t govern them well, close access gaps, patch on time, and audit actively—you’ll stay exposed.
At TecnetOne, we always say:
Tools help—but only governance and good practices truly protect you.