The U.S. government has issued an important announcement recommending that owners of small office and home office routers reboot their devices. Malware linked to Russia known as VPNFilter can affect vulnerable routers. VPNFilter is capable of multiple destructive processes, including the collection of personal data, blocking network traffic, managing and controlling devices, and router destruction or “bricking,” which means rendering a router inoperable.
Is your router vulnerable?
Owners should check the manufacturer of their router to compare with the list of known targeted devices. So far it has been determined that VPNFilter is capable of infecting Asus, D-Link, Huawei, Linksys, MikroTik, Netgear, TP-Link, Ubiquiti, Upvel, and ZTE routers, as well as QNAP network-attached storage (NAS) devices. Considering that this list may be updated going forward, it may be prudent to assume that any router may be targeted.
How do you know if your router is affected?
Authorities have begun to identify devices infected with VPNFilter and are taking the necessary steps to interrupt its activities. It may be difficult for you to determine if your router has been infected, so consider taking precautionary measures to minimize the damage caused by the spread of this destructive malware.
What is the fix?
Reset your device ASAP to remove non-persistent portions of the malware. Usually, pressing and holding the reset button will restore the router back to factory default settings and, in most cases, remove the malware. Before applying this solution; however, be sure to consult the device manufacturer instructions for resetting. Keep in mind that any customized configuration or credentials assigned to your router will be wiped clean during a reset.
In addition to resetting your router, update the firmware for your device model. Firmware is the software needed to operate the router and must be updated as fixes for identified vulnerabilities become available. If you are unfamiliar with doing this, seek support by visiting your device manufacturer’s website.
Thirdly, especially if this hasn’t already been done, changing your router’s vendor-supplied default user name and password should be considered. Commonly used factory-set default credentials for routers, such as “admin” and “password,” are generally available to anyone seeking them online, putting your device at risk of exploitation.
Further information
More information on VPNFilter, including rebooting routers and preventing second-stage malware, can be found from the United States Emergency Response Team (US-CERT), at https://www.us-cert.gov/ncas/alerts/TA18-145A, and from the FBI at https://www.ic3.gov/media/2018/180525.aspx.