• Ransomware hackers attack SMBs being acquired to try and gain acc

    From TechnologyDaily@1337:1/100 to All on Wednesday, November 26, 2025 16:30:09
    Ransomware hackers attack SMBs being acquired to try and gain access to multiple companies

    Date:
    Wed, 26 Nov 2025 16:27:00 +0000

    Description:
    Many businesses acquired over the summer came with an infection, which then spilled over to the buyer's network.

    FULL STORY ======================================================================
    ReliaQuest warns Akira ransomware often spreads via compromised assets inherited during mergers and acquisitions
    Most infections stem from unpatched SonicWall SSL VPN appliances, exploited for lateral movement and encryption
    SonicWall recently patched CVE-2025-40601, a high-severity buffer overflow flaw affecting Gen7 and Gen8 firewalls

    Companies buy and sell other companies all the time, but besides the clients, earnings, a different market, or talented staff, buyers often get something unexpected with their acquisition, too - a ransomware infection.

    Cybersecurity researchers at ReliaQuest recently published a new report about how Akira ransomware infects its victims, noting that in every attack it analyzed between June and October 2025, the company was infected through an asset it had previously acquired, one that already had compromised hardware in its network.

    "In these cases, the acquiring enterprises were unaware that these devices existed in their new environments, leaving critical vulnerabilities exposed," the blog reveals.

    Which came first - infection, or acquisition news?

    Most of the time, the report found, Akira compromised unpatched SonicWall SSL VPN appliances, after news broke in mid-July 2025 of a possible new vulnerability in the VPN solutions being abused by Akira to log in, move laterally, and deploy an encryptor.

    By late September, multiple security outfits were warning about SonicWall SSL VPN device infiltrations, despite the devices being patched and users having MFA enabled.

    SonicWall has also released a patch for a high-severity vulnerability in its SonicOS SSL VPN service, and urged all users to update their firewalls immediately.

    In a security advisory, SonicWall said it discovered a stack-based buffer overflow vulnerability which allows a remote, unauthenticated attacker to cause Denial of Service (DoS) and essentially crash the firewall.

    The vulnerability is now tracked as CVE-2025-40601 and was given a severity score of 7.5/10 (high). It impacts Gen8 and Gen7 firewalls, both hardware and virtual ones. Earlier models, such as Gen6 firewalls, or the SMA 1000 and SMA 100 series SSL VPN products, were said to be safe against this bug.

    It was left unclear if Akira's operators targeted businesses because they were being acquired, or if they were simply compromised because they ran vulnerable gear and just happened to be acquired later.

    Via The Register




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/ransomware-hackers-attack-smbs-being-acquired-to-try-and-gain-access-to-multiple-companies


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)