On May 23rd, researchers at Cisco discovered advanced malware, named VPNFilter, which targets routers and Network Attached Storage (NAS) devices in order to steal files and information and to examine network traffic as it flows through the device. More details can be found in the following powersolution.com blog articles:
- ALERT: 500,000+ Consumer Routers Infected with VPNFilter Malware
- Update: additional info on advanced malware, named VPNFilter
Symantec has released a tool that will check if your router has been compromised by a specific component used by VPNFilter.
We recommend running this tool to see if your home router has been compromised. If you are a powersolution.com managed IT customer, your organization's network is not susceptible to VPNFilter. If you are not a current customer, we also recommend performing the check from a computer within your organization. Please use the link below to access the tool provided by Symantec.
If Symantec’s tool does indicate that your router is infected, we have compiled a list of instructions to follow below.
How to remove VPNFilter and protect your router or NAS
To completely remove VPNFilter and protect your router from being infected again, you should follow these steps:
1. Reset Router to Factory Defaults: Linksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti
2. Upgrade to the latest firmware: Linksys * Netgear * TP-Link * Asus * D-Link * Ubiquiti
3. Change the default admin password: Linksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti
4. Disable Remote Administration: Linksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti
Please note that resetting your router to factory defaults will remove all settings. You will then need to reconfigure the device from scratch. If this step seems too advanced, at a minimum, steps 2, 3, and 4 should be followed. At this time, it appears that a factory reset is the only way to completely remove the infection, as VPNFilter achieves boot persistence.
- Advisories from router manufacturers regarding VPNFilter can be found at: Linksys * Netgear * QNAP * TP-Link