How to Save Your Router from VPNFilter

Posted on by Victor Salmon

Have you ever seen VPNFilter installed on your computer? Probably not as unlike most malware you’ll read about, it infects routers.

The FBI published on May 29, 2018 that since a half million US routers were infected, all small businesses and home owners should take action: at least reboot if not reset their routers as enough routers are infected and it’s believed rebooting may disrupt control of the infected devices.

Beyond resetting the router to factory settings, it’s also important to update router firmware to make sure you have as much protection as possible.

Unlike most infections that can happen to your non-computer devices (also called the Internet of Things or IoT for short), VPNFilter as an infection is (at first) small and innocuous. The first stage only establishes a connection and this connection survives reboots.

After the first stage, attackers can load dangerous plugins onto your device allowing them complete control of your router which includes your data. While attackers can “brick” or electronically destroy a device using a single command (meaning you might need to buy a new router), it’s the spying on your traffic including stealing website credentials that’s most dangerous, especially for small businesses.

It’s still worth unplugging your device and plugging it back in as it may temporarily reduce your risk (it eliminates the plugins, but they can be reloaded when your device boots as the VPNFilter connection remains).

The following devices copied from pcmag are said to be vulnerable by Symantec:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

Symantec also says “Upgrading RouterOS software deleted VPNFilter… and patch the vulnerability.”

 

Need help securing your data or sanitizing your router? We’re here to fix your I.T. problems and provide great service while we do it. You can submit a request for support, e-mail us directly, or if it can’t wait, we’re friendly on the phone too.