VPN Filter Malware Affects More Than 70 Router Models
FBI urges homes, businesses to reboot routers to stall malware
A new type of malware that can render routers useless by wiping out their firmware is now affecting more than 70 router models, according to tech news outlets.
VPNFilter malware can spy on traffic sent through infected routers—including website credentials—and block network access.
The malware has been discovered on routers manufactured by Asus, D-Link, Huawei, Linksys, MicroTik, Netgear, TP-Link, Ubiquity, Upvel and ZTE, as well QNAP network-attached storage devices. The malware could potentially affect other models, as well.
FBI Says Reboot Your Router
The FBI is advising households and small businesses to reboot their routers to disrupt the malware.
The agency issued a public service announcement recently, after Cisco reported recently that more than 500,000 routers had been infected with VPNFilter malware. The malware has been tied to Russian hacking group Sofacy.
“The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices,” the FBI says in its announcement. “Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.”
The FBI says it has seized the domain associated with the malware, which has been tied to Russian hacking group Sofacy, according to tech publications.
How to Stop it
Rebooting the router will reportedly stop the malware, but some of the coding might remain on the device, allowing the malware to be reinstalled. In that case, a hard reset should be enough to remove the malware, though you’ll lose your settings and have to reconfigure them when you boot the router back up.
This article from Symantec details how the malware rolls out.
Keeping Your Router Secure
For general router security, it is recommended that you change your router’s default password. These often-basic original passwords are not secure and easy to hack.
Once you’ve set up your router with a secure password, make sure your wireless network itself is secured with WPA2-PSK (Wi-Fi Protected Access 2 – Pre-Shared Key), the best level of security for home wireless networks.
Choose a password that is easy to remember and share with guests who want to log on to your network, but difficult enough that your neighbors won’t be able to guess it. A childhood phone number combined with the name of a favorite teacher can make for a password that you can instantly recite, but that others won’t guess easily.
Some newer routers offer the option to make a guest network, so when friends come to visit, you can let them access your Wi-Fi without putting them on your primary network, where your devices can be accessed. If you choose to enable this option, make sure you also put a password on the guest network, rather than leaving it open, and use a different password from the one you choose for your primary network.
To further secure your router, it’s important to make sure it is running the latest version of firmware available from the manufacturer.
If you’re interested in doing more to protect your systems from cyber threats, software such as Malwarebytes can help. To find out how to get it, click here.