Technology in the News / By

On May 23rd researchers at Cisco discovered an advanced malware, named VPNFilter, that targets routers and NAS devices in order to steal files, information, and examine network traffic as it flows through the device. More details can be found on the powersolution.com blog article titled ‘[ALERT] 500,000+ Consumer Routers Infected with VPNFilter Malware

 

Originally, VPNFilter was found to infect only 16 device models. Cisco has released new research indicating that VPNFilter can infect 71 different models. The updated list includes the following models:

Asus Devices:
RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)		D-Link Devices:
DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)		Huawei Devices:
HG8245 (new)Linksys Devices:
E1200
E2500
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
WRVS4400N		Netgear Devices:
DG834 (new)
DGN1000 (new)
DGN2200
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)
QNAP Devices:
TS251
TS439 Pro
*Other QNAP NAS devices running QTS software		TP-Link Devices:
R600VPN
TL-WR741ND (new)
TL-WR841N (new)Ubiquiti Devices:
NSM2 (new)
PBE M5 (new)		UPVEL Devices:
Unknown Models (new)ZTE Devices:
ZXHN H108N (new)		 

If users can’t update their router’s firmware but would like to wipe the malware from their devices, instructions on how to safely remove the malware are available below. Removing VPNFilter from infected devices is quite a challenge, as this malware is one of two malware strains that can achieve boot persistence

How to remove VPNFilter and protect your router or NAS

To completely remove VPNFilter and protect your router from being infected again, you should follow these steps:

  1. Reset Router to Factory Defaults: Linksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti
  2. Upgrade to the latest firmware: Linksys * Netgear * TP-Link * Asus * D-Link * Ubiquiti
  3. Change the default admin passwordLinksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti
  4. Disable Remote Administration: Linksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti

Please note that resetting your router to factory defaults will remove all settings. You will then need to reconfigure the device from scratch. If this step seems too advanced, at a minimum, steps 2, 3, and 4 should be followed. At this time, it appears that a factory reset is the only way to completely remove the infection, as VPNFilter achieves boot persistence.

Advisories from router manufacturers regarding VPNFilter can be found at Linksys * Netgear * QNAP * TP-Link

How is your state of IT?

REQUEST A SECURITY ASSESSMENT
Call Us: (201) 493-1414

Related Articles

FaceTime bug poses privacy threat for individuals and businesses using the app
Will your data be affected by Google’s GDPR flop? Europe leads the way on privacy policy enforcement.
Google applies modifications to Chrome after major privacy issue
Additional Update on CPU Meltdown and Spectre Vulnerabilities
CPU Meltdown and Spectre Alert Update
Critical flaw in Intel Chips makes your computer vulnerable without a fix, and too slow with a patch.
U.S. Congress Hired the Wrong “IT Guy” – How SMBs Can Avoid a Similar Costly Mistake
Leaked new version of Windows 10 for advanced users
Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution industry awards
Scroll to Top