New Malware: VPNFilter

A new malware, believed to be linked to Russia, has compromised home and office routers and other networked devices worldwide. The malware, known as “VPNFilter,” has affected more than half a million routers so far, and the threat continues to grow. It is able to perform multiple functions, including information collection, device exploitation, and blocking network traffic.

VPNFilter Details

VPNFilter targets SOHO routers and network-attached storage (NAS) devices. The impact and scope of the malware are significant, with targeted devices from several manufacturers, including ASUS, D-Link, Huawei, Linksys, MikroTik, Netgear, QNAP, TP-Link, Ubiquiti, UPVEL, and ZTE.

VPNFilter is able to render small office and home office routers inoperable, and it can potentially collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption. The VPNFilter botnet uses several stages of malware, and experts continue to discover new aspects of the malware. Most recently, Cisco’s Talos discovered a new stage 3 module called “ssler” that injects malicious content into web traffic as it passes through a network device.

Who is Behind the Attack?

The U.S. Justice Department blames the malware on the Russian Sofacy Group, also known as Pawn Storm, Fancy Bear, and Sednit. The group targets government, military, and security organizations, and other targets of perceived intelligence value.

The FBI Recommends Rebooting Your Router

The FBI responded to the threat by seizing a domain used by the attackers. This was a critical step in minimizing the impact of the malware. However, this step didn’t solve the entire issue. Therefore, there are a few steps you should take to protect yourself. The FBI recommends that “any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices.” You should also disable the remote access feature on devices, change your default password to a strong one, and upgrade your device to the latest version of firmware.

Date Posted: 6/12/18
Date Last Updated: 6/4/19

By: RTI Marketing Team
