SonicWall cloud-backup remediation guidance
Advisory/Mitigation
Summary
Hide ▲
Show ▼
SonicWall issued updated remediation tools and guidance for customers affected by the cloud-backup exposure, directing admins to assess listed firewalls and reduce WAN exposure before updating credentials. The guidance matters because the stolen backup files included encrypted credentials and configuration data that could support future attacks. Customers are being told to act on the impacted devices identified in the MySonicWall portal.
Related Happenings
Akira group rapid double-extortion ransomware activity
Malware Activity
First: 02.04.2026 16:00
Last: 02.04.2026 16:00
Sources 1
About this happening:
**Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
Akira group rapid double-extortion ransomware activity
Malware ActivityAbout this happening: **Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
US District Court for the Eastern District of Texas complaint filed seeking damages against SonicWall on vendor-liability exposure over a cyber breach
Regulatory/Legal Action
First: 27.02.2026 00:02
Last: 27.02.2026 00:02
Sources 1
About this happening:
Marquis filed a **federal complaint** in **US District Court for the Eastern District of Texas** against **SonicWall**, seeking **damages** over a **data breach** it says the vend...
US District Court for the Eastern District of Texas complaint filed seeking damages against SonicWall on vendor-liability exposure over a cyber breach
Regulatory/Legal ActionAbout this happening: Marquis filed a **federal complaint** in **US District Court for the Eastern District of Texas** against **SonicWall**, seeking **damages** over a **data breach** it says the vend...
Marquis Software Solutions lawsuit against SonicWall over cybersecurity failures
Regulatory/Legal Action
First: 25.02.2026 17:54
Last: 25.02.2026 17:54
Sources 1
About this happening:
Marquis Software Solutions filed a lawsuit against **SonicWall**, alleging **gross negligence** and **misrepresentation** tied to a **ransomware attack** that disrupted operations...
Marquis Software Solutions lawsuit against SonicWall over cybersecurity failures
Regulatory/Legal ActionAbout this happening: Marquis Software Solutions filed a lawsuit against **SonicWall**, alleging **gross negligence** and **misrepresentation** tied to a **ransomware attack** that disrupted operations...
SonicWall MySonicWall cloud backup breach exposing firewall backup files
Data Leak
First: 29.01.2026 19:57
Last: 29.01.2026 19:57
Sources 1
How related:
"The investigation confirmed that an unauthorized party accessed firewall configuration backup files for all customers who have used SonicWall's cloud backup service."
About this happening:
**SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...
SonicWall MySonicWall cloud backup breach exposing firewall backup files
Data LeakHow related: "The investigation confirmed that an unauthorized party accessed firewall configuration backup files for all customers who have used SonicWall's cloud backup service."
About this happening: **SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...
Marquis Software Solutions hit by ransomware attack
Incident
First: 29.01.2026 19:57
Last: 29.01.2026 19:57
Sources 1
About this happening:
**Marquis Software Solutions** disclosed that its **August 14, 2025** ransomware attack exposed personal data tied to **74 U.S. banks and credit unions** and affected **over 400,0...
Marquis Software Solutions hit by ransomware attack
IncidentAbout this happening: **Marquis Software Solutions** disclosed that its **August 14, 2025** ransomware attack exposed personal data tied to **74 U.S. banks and credit unions** and affected **over 400,0...
Latest development: 18.03.2026 17:32
Marquis, a Texas-based financial services provider, disclosed that a ransomware gang stole personal and financial data from 672,075 people after an August 14, 2025 attack on a compromised SonicWall firewall, and the incident disrupted operations at 74 banks across the United States; breach notifications were filed in early December, and affected files were reviewed on December 10, 2025.
Timeline
-
08.10.2025 03:00 2 articles · 7mo ago
SonicWall releases remediation tools for exposed firewall backups
Mitigation Patch UpdateSonicWall released tools for device assessment and remediation, published updated final lists of impacted firewalls in the MySonicWall portal, and directed customers to disable or restrict WAN access before reviewing and updating credentials that were enabled at or before the backup time. SonicWall also said it had implemented additional security hardening measures and was working with Mandiant to improve cloud infrastructure and monitoring systems.
Show sources
- All SonicWall Cloud Backup Users Have Firewall Configuration Files Stolen — www.infosecurity-magazine.com — 09.10.2025 14:10
- SonicWall: Firewall configs stolen for all cloud backup customers — www.bleepingcomputer.com — 09.10.2025 17:13
-
17.09.2025 03:00 1 articles · 8mo ago
SonicWall discloses firewall cloud-backup exposure
Initial DisclosureSonicWall disclosed that unauthorized access to firewall preference files stored in the cloud affected around 5% of its firewall install base after suspicious activity targeting the firewall cloud backup service was first detected in early September 2025. The accessed backup files contained encrypted credentials and configuration data, and SonicWall warned that possession of the files could increase the risk of targeted attacks.
Show sources
- All SonicWall Cloud Backup Users Have Firewall Configuration Files Stolen — www.infosecurity-magazine.com — 09.10.2025 14:10