Ransomware Costs Spike: VPNs and SonicWall Exploited

The 2026 InsurSec Report, published by At-Bay, reveals a concerning 7% increase in cyber insurance claims, with the average severity of damages per incident now estimated at a staggering $221,000. This isn’t just about financial loss; it reflects the real-world operational disruption and recovery costs organizations face.

Cyber Updates - Asher Tamam highlights that the average ransom payment has hit $508,000. A critical point for defenders: the majority of these attacks are leveraging VPN connections and SonicWall equipment. This points directly to the persistent exploitation of known vulnerabilities in perimeter devices, low-hanging fruit for attackers that continues to pay dividends.

Cyber Updates - Asher Tamam further notes that small businesses and organizations with significant third-party exposure (customers, suppliers) are experiencing greater damages and more severe legal consequences. This underscores the expanded attack surface and the ripple effect breaches have beyond the initial target. Attackers know that compromising a smaller, less secure link in a supply chain can open doors to larger, more lucrative targets.

What This Means For You

  • If your organization relies on VPNs or SonicWall equipment, you need to immediately audit your patch management and configuration. Attackers are actively targeting these vectors because they are often neglected. Prioritize patching known vulnerabilities, enforce strong multi-factor authentication (MFA) on all remote access, and segment your network to limit lateral movement if a perimeter device is compromised. Don't be the low-hanging fruit.
Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free; export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

SonicWall VPN Exploitation - Initial Access

Source: Shimi's Cyber World
