{"id":1695,"date":"2025-11-19T08:49:22","date_gmt":"2025-11-19T07:49:22","guid":{"rendered":"https:\/\/www.antivirusedition.com\/blog\/?p=1695"},"modified":"2025-11-19T08:49:29","modified_gmt":"2025-11-19T07:49:29","slug":"ransomware-akira-la-faille-sonicwall-qui-desactive-microsoft-defender-et-comment-larreter","status":"publish","type":"post","link":"https:\/\/www.antivirusedition.com\/blog\/ransomware-akira-la-faille-sonicwall-qui-desactive-microsoft-defender-et-comment-larreter-1695.html","title":{"rendered":"Akira ransomware: the SonicWall flaw that disables Microsoft Defender (and how to stop it)"},"content":{"rendered":"\n<p><strong>Cybersecurity alert<\/strong>: Akira, a formidable ransomware, bypasses your antivirus through a SonicWall flaw (CVE-2024-40766). Fewer than 40 companies have already been affected. Protect yourself now with our practical advice.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"1024\" src=\"https:\/\/www.antivirusedition.com\/blog\/wp-content\/uploads\/2025\/11\/Faille-de-securite-1024x1024.png\" alt=\"\" class=\"wp-image-1986\" srcset=\"https:\/\/www.antivirusedition.com\/blog\/wp-content\/uploads\/2025\/11\/Faille-de-securite-1024x1024.png 1024w, https:\/\/www.antivirusedition.com\/blog\/wp-content\/uploads\/2025\/11\/Faille-de-securite-300x300.png 300w, https:\/\/www.antivirusedition.com\/blog\/wp-content\/uploads\/2025\/11\/Faille-de-securite-150x150.png 150w, https:\/\/www.antivirusedition.com\/blog\/wp-content\/uploads\/2025\/11\/Faille-de-securite-768x768.png 768w, https:\/\/www.antivirusedition.com\/blog\/wp-content\/uploads\/2025\/11\/Faille-de-securite.png 1080w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">A worrying new modus operandi<\/h2>\n\n\n\n<p>The <strong>Akira ransomware<\/strong> now targets companies by exploiting <strong>SonicWall SSL VPNs<\/strong> to penetrate networks and neutralize antivirus protections. Its goal: to disable <strong>Microsoft Defender<\/strong> and EDR solutions in order to encrypt data.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A vulnerable-driver attack (BYOVD)<\/h2>\n\n\n\n<p>Researchers at <strong>GuidePoint Security<\/strong> discovered that Akira uses a technique known as <strong>Bring Your Own Vulnerable Driver (BYOVD)<\/strong>.<\/p>\n\n\n\n<ul>\n<li><strong>rwdrv.sys<\/strong>: a legitimate Windows driver (<em>ThrottleStop<\/em>) abused to run another driver.<\/li>\n\n\n\n<li><strong>hlpdrv.sys<\/strong>: a malicious driver that modifies the Windows registry to disable Defender.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">An already known flaw<\/h2>\n\n\n\n<p>Contrary to early rumors, Akira is not exploiting a <em>zero-day<\/em> flaw but the <strong>CVE-2024-40766<\/strong> vulnerability, already documented by SonicWall. Fewer than 40 companies are reported to be affected, mainly during migrations of <strong>Gen 6<\/strong> firewalls to <strong>Gen 7<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Recommended protective measures<\/h2>\n\n\n\n<ul>\n<li>Update to <strong>SonicOS 7.3.0<\/strong> with strengthened MFA<\/li>\n\n\n\n<li>Immediately change legacy credentials<\/li>\n\n\n\n<li>Strengthen monitoring of VPN access<\/li>\n\n\n\n<li>Use an advanced antivirus solution that supports detection of malicious drivers, such as <a href=\"https:\/\/www.antivirusedition.com\/avast_ultimate_business_security.php\">Avast Ultimate Business Security<\/a>.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p class=\"qua-blog-post-description\">Cybersecurity alert: Akira, a formidable ransomware, bypasses your antivirus through a SonicWall flaw (CVE-2024-40766). Fewer than 40 companies have already been affected. Protect yourself now with our practical advice. 
A worrying new modus operandi The Akira ransomware now targets companies by exploiting SonicWall SSL VPNs to penetrate networks and neutralize the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"sfsi_plus_gutenberg_text_before_share":"","sfsi_plus_gutenberg_show_text_before_share":"","sfsi_plus_gutenberg_icon_type":"","sfsi_plus_gutenberg_icon_alignemt":"","sfsi_plus_gutenburg_max_per_row":""},"categories":[1],"tags":[],"aioseo_notices":[],"yoast_head_json":{"title":"Akira ransomware: the SonicWall flaw that disables Microsoft Defender (and how to stop it) - Blog Avast Antivirus","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.antivirusedition.com\/blog\/ransomware-akira-la-faille-sonicwall-qui-desactive-microsoft-defender-et-comment-larreter-1695.html","og_locale":"fr_FR","og_type":"article","og_title":"Akira ransomware: the SonicWall flaw that disables Microsoft Defender (and how to stop it) - Blog Avast Antivirus","og_description":"Cybersecurity alert: Akira, a formidable ransomware, bypasses your antivirus through a SonicWall flaw (CVE-2024-40766). Fewer than 40 companies have already been affected. Protect yourself now with our practical advice. A worrying new modus operandi The Akira ransomware now targets companies by exploiting SonicWall SSL VPNs to penetrate networks and neutralize the [&hellip;]","og_url":"https:\/\/www.antivirusedition.com\/blog\/ransomware-akira-la-faille-sonicwall-qui-desactive-microsoft-defender-et-comment-larreter-1695.html","og_site_name":"Blog Avast Antivirus","article_published_time":"2025-11-19T07:49:22+00:00","article_modified_time":"2025-11-19T07:49:29+00:00","og_image":[{"url":"https:\/\/www.antivirusedition.com\/blog\/wp-content\/uploads\/2025\/11\/Faille-de-securite-1024x1024.png"}],"author":"La r\u00e9daction","twitter_card":"summary_large_image","twitter_misc":{"Written by":"La r\u00e9daction","Estimated reading time":"2 minutes"}},"_links":{"self":[{"href":"https:\/\/www.antivirusedition.com\/blog\/wp-json\/wp\/v2\/posts\/1695"}],"collection":[{"href":"https:\/\/www.antivirusedition.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.antivirusedition.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.antivirusedition.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.antivirusedition.com\/blog\/wp-json\/wp\/v2\/comments?post=1695"}],"version-history":[{"count":2,"href":"https:\/\/www.antivirusedition.com\/blog\/wp-json\/wp\/v2\/posts\/1695\/revisions"}],"predecessor-version":[{"id":1987,"href":"https:\/\/www.antivirusedition.com\/blog\/wp-json\/wp\/v2\/posts\/1695\/revisions\/1987"}],"wp:attachment":[{"href":"https:\/\/www.antivirusedition.com\/blog\/wp-json\/wp\/v2\/media?parent=1695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.antivirusedition.com\/blog\/wp-json\/wp\/v2\/categories?post=1695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.antivirusedition.com\/blog\/wp-json\/wp\/v2\/tags?post=1695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}