CorpInfoTech Blog | Resources and education regarding the latest in cybersecurity and compliance!

SonicWall Cloud Backup Incident: What It Means for Businesses

Written by Waits Sharpe | Dec 18, 2025 10:41:40 PM

Recently, the cybersecurity community became aware of a security incident involving a third-party firewall vendor’s cloud-hosted backup service. This incident involved unauthorized access to cloud-stored configuration backup files; it was not reported as an exploitation of SonicOS or firewall hardware.

This exposure has had severe real-world consequences for organizations using SonicWall’s cloud backup service. Recent data shows:

  • More than a 300% increase in SonicWall-related ransomware incidents in 2025

  • Escalation from initial access to full encryption in as little as 1 hour (avg. 1.5 days)

  • Average ransom demand: $958K | Average payment: $484K (≈ 4.5× higher than typical)

  • Even with EDR, MFA, and patching, attacks are still succeeding

These backup files can contain sensitive information such as network layouts, firewall rules, VPN configurations, and encrypted credentials. While encryption helps protect secrets, configuration data alone can provide attackers with valuable insight into how a network is designed and defended.

SonicWall Cloud Backup Incident: What Happened

  • The vendor identified unauthorized access to its cloud backup platform.

  • Further investigation revealed that all customers who had used the cloud backup feature were impacted, not just a limited subset.

  • The exposed data consisted of firewall configuration backups, not customer business data.

  • Customers were advised to remove cloud backups, rotate credentials, and review firewall security settings.

What's the Risk with SonicWall Cloud Backup Incident?

Firewall configurations are effectively blueprints of your security perimeter. If attackers obtain them, they can:

  • Better understand how a network is segmented

  • Identify exposed services or management interfaces

  • Target VPNs or remote access more effectively

  • Accelerate ransomware or intrusion attempts

CorpInfoTech Protects Its Clients

CorpInfoTech does not rely on firewalls alone. Client environments are protected with layered controls including endpoint detection and response (EDR/MDR), secure identity management, and continuous monitoring. Our secure backup practices encrypt and store critical backups securely, and we regularly validate restoration and recovery processes.

As a compliance-focused MSSP, we align our controls with recognized frameworks (including NIST and CMMC practices), helping clients meet both regulatory and cyber-insurance expectations. As a CIS Accredited organization, we have externally validated our ability to implement industry-standard security frameworks in both our clients' environments and our own.

No single vendor or tool can guarantee security. What matters is how risks are managed, monitored, and mitigated over time. CorpInfoTech continuously evaluates vendor incidents, threat intelligence, and insurance trends to proactively protect our clients — not just from today’s threats, but from tomorrow’s as well.

If you have concerns about your firewall configurations, backup strategy, or overall security posture, CorpInfoTech’s CIS Controls and NIST-focused team is ready to review your environment, validate controls, and help you harden your defenses.

CorpInfoTech, a Managed Service Provider (MSP) with over 25 years in the SMB space, is a trusted partner for businesses pursuing compliance and cybersecurity. We are a CMMC Level 2 (C3PAO) certified MSP and a Cyber AB Registered Provider Organization (RPO). Also, as the first CIS accredited organization, we help organizations implement the CIS Controls as they pertain to CMMC and your overall cybersecurity posture. CorpInfoTech is your trusted partner for secure, compliant growth in an ever-changing digital landscape.