Particle.news

SonicWall Halts Cloud Backups After Breach Exposes Firewall Configurations

Immediate credential resets are required; randomized preference files are being provided, and no leaks have been reported.

Overview

  • SonicWall says attackers brute‑forced individual MySonicWall accounts to access backup preference files rather than deploying ransomware.
  • Less than 5% of the firewall install base had cloud‑stored configurations accessed, with passwords encrypted but serial numbers and network details exposed.
  • The company disabled the backup feature, rotated internal keys, and brought in a third‑party incident response firm while notifying law enforcement.
  • Impacted customers are receiving new preference files that randomize local passwords, reset TOTP bindings, and regenerate IPsec VPN keys, with guidance for containment and log review.
  • SonicWall reports no evidence of leaks or weaponization to date. The incident follows months of activity targeting SonicWall devices, including Akira ransomware operations.