Ransomware hackers attack SMBs being acquired to try and gain access to multiple companies

1. Pro
2. Security

Ransomware hackers attack SMBs being acquired to try and gain access to multiple companies News By Sead Fadilpašić published 26 November 2025

Acquired businesses come with an infection

Comments (0) ()

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

• ReliaQuest warns Akira ransomware often spreads via compromised assets inherited during mergers and acquisitions
• Most infections stem from unpatched SonicWall SSL VPN appliances, exploited for lateral movement and encryption
• SonicWall recently patched CVE-2025-40601, a high-severity buffer overflow flaw affecting Gen7 and Gen8 firewalls

Companies buy and sell other companies all the time, but besides the clients, earnings, a different market, or talented staff, buyers often get something unexpected with their acquisition, too - a ransomware infection.

Cybersecurity researchers ReliaQuest recently published a new report about how Akira ransomware infects its victims, noting in every attack it analyzed between June and October 2025, the company was infected through an asset it had previously acquired, that already had compromised hardware in its network.

• Amazon Black Friday deals are live: here are our picks!

"In these cases, the acquiring enterprises were unaware that these devices existed in their new environments, leaving critical vulnerabilities exposed," the blog reveals.

You may like

• This long-exposed SonicWall flaw is being used to infect organizations with Akira ransomware - so patch now
• Akira ransomware is now targeting Nutanix VMs - and scoring big rewards
• SonicWall VPN accounts breached by Akira ransomware -and even those using MFA are at risk

$60 offSave 75%Aura Family: was US$80 now US$20 at Aura Inc

Aura can protect your family with a plethora of features: Password Manager, ID theft protection, Antivirus, VPN, Parental Control and much more for just $20 per month!

View Deal

Which came first - infection, or acquisition news?

Most of the time, Akira compromised unpatched SonicWall SSL VPN appliances, the report found, after in mid-July 2025, news broke of a possible new vulnerability in the VPN solutions being abused by Akira to log in, move laterally, and deploy an encryptor.

By late September, multiple security outfits were warning about SonicWall SSL VPN device infiltrations, despite the devices being patched and users having MFA enabled.

The company has also released a patch for a high-severity vulnerability in its SonicOS SSL VPN service, and urged all users to update their firewalls immediately.

In a security advisory, SonicWall said it discovered a stack-based buffer overflow vulnerability which allows a remote, unauthenticated attacker to cause Denial of Service (DoS) and essentially crash the firewall.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

The vulnerability is now tracked as CVE-2025-40601 and was given a severity score of 7.5/10 (high). It impacts Gen8 and Gen7 firewalls, both hardware and virtual ones. Earlier models, such as Gen6 firewalls, or the SMA 1000 and SMA 100 series SSL VPN products, were said to be safe against this bug.

It was left unclear if Akira’s operators targeted businesses because they were being acquired, or if they were simply compromised because they ran vulnerable gear and just happened to be acquired later.

Via The Register

The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons

➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead FadilpašićSocial Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more This long-exposed SonicWall flaw is being used to infect organizations with Akira ransomware - so patch now    Akira ransomware is now targeting Nutanix VMs - and scoring big rewards    SonicWall VPN accounts breached by Akira ransomware -and even those using MFA are at risk    Even the most complex and advanced business VPN tools could still leave you at risk of attack - here's how to stay safe    SonicWall blames state hackers for damaging data breach    Interlock ransomware just keeps getting more powerful - here's how to stay safe    Latest in Security Emergency alert systems across US disrupted following OnSolve CodeRED cyberattack    SitusAMC hack may have exposed data at major financial heavyweights    Watch out coders - top code formatting sites are apparently exposing huge amounts of user data    Harvard University reveals data breach hitting alumni and donors    Hackers impersonate TechCrunch reporters to steal sensitive information - but you can always trust us    Black Friday shopping scams are on the rise - experts warn many new domains could be dodgy, here's what to look for    Latest in News Chat Control: EU lawmakers finally agree on the voluntary scanning of your private chats    How to watch Sidelined 2: Intercepted on Tubi (it's free)    The world's first 360-degree camera drone just got an on-sale date    Pluribus episode 5 ending explained: what did Carol see?    What's coming with the Meta Quest 4? We now have more of an idea    5 things you need to know about ChatGPT's big voice mode update    LATEST ARTICLES

1. 1Ransomware hackers attack SMBs being acquired to try and gain access to multiple companies
2. 2Need more space for your photos? This Carbonite cloud storage offer is a steal this Black Friday at 60% off
3. 3What protocols does Norton VPN offer? Mimic and more explained
4. 4Chat Control: EU lawmakers finally agree on the voluntary scanning of your private chats
5. 5HP set to cut thousands of staff as it announces major AI adoption project