CVE-2024-40766, a SonicWall SonicOS improper access control vulnerability previously associated with the Akira ransomware group, is the confirmed initial access vector in the Marquis financial-sector ransomware attack that cascaded across 74 US banks and credit unions via shared credential exposure. Post-patch persistence was achieved via stolen VPN credentials, indicating that patching alone is insufficient — OTP seed rotation and stale privileged account removal are required remediation steps.