25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Imminent Risk of Ransomware Attacks Exploiting Flaw in SonicWall SRA/SMA 100 Series VPN Appliances

Posted By on Jul 15, 2021

SonicWall has issued an urgent security notice warning users of its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running end-of-life firmware about an imminent ransomware campaign using stolen credentials.

The campaign exploits a known vulnerability in 8.x firmware on the devices. SonicWall patched the vulnerability in later versions of the firmware. All users of these devices that are still running the vulnerable firmware version have been advised to update to version 9.x or 10.x of the firmware immediately.

SonicWall became aware of threat actors targeting the vulnerability in SMA 100 series and SRA products through collaboration with trusted third parties. “The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk,” explained SonicWall.

Customers using end-of-life SMA or SRA devices running the vulnerable 8.x firmware should apply the update immediately or disconnect their appliances and reset passwords. EOL devices are:

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

  • SRA 4600/1600 (EOL 2019)
  • SRA 4200/1200 (EOL 2016)
  • SSL-VPN 200/2000/400 (EOL 2013/2014)

SMA 400/200 is still supported in Limited Retirement Mode. Users should update to 10.2.0.7-34 or 9.0.0.10 immediately, reset passwords, and enable MFA.

All known vulnerabilities have been corrected in the latest versions of 9.x or 10.x firmware and users of SMA 1000 series products are not affected. Users of these products should ensure they are running the most current firmware versions, should implement multi-factor authentication, and ensure that any future firmware updates are applied as soon as possible.

SMA 210/410/500v has not reached end of life and is actively supported but may still be running firmware versions with vulnerabilities discovered in 2021. Users running firmware 9.x should immediately update to 9.0.0.10-28sv or later and users of firmware 10.x should immediately update to 10.2.0.7-34sv or later.

Customers using end-of-life devices running the vulnerable version 8.x firmware who are not able to upgrade to 9.x or 10.x are being offered a complimentary virtual SMA 500v until October 31, 2021, which is still being supported.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist