What Is It?
The malware in question is called “VPNFilter.” Despite its innocent-sounding name, it’s anything but! Its main attack vector involves burrowing into the routers of homes and small businesses. It’s also designed to stay within the router after it has been rebooted, making it a particularly stubborn example of malware. VPNFilter is spread by targeting routers with known flaws and weaknesses, and Ukranian-based devices are the most targeted out of all the countries. The origins of VPNFilter all point to a group called “Sofacy” that developed the code and spread it worldwide.
What Does It Do?
So once this new malware gets into a router, what does it do? VPNFilter is quite advanced and deploys its payload over three stages: When the router is powered on and off, stages 2 and 3 are wiped, but the “seed” that was set up during stage 1 persists. Regardless, the most damaging part of the VPNFilter malware is reset, which is why people have been told to do a restart on their routers.
Does It Affect All Routers?
Not every router can be hit by VPNFilter. Symantec goes into detail on which routers are vulnerable. To date, VPNFilter is known to be capable of infecting enterprise and small office/home office routers from Linksys, MikroTik, Netgear, and TP-Link, as well as QNAP network-attached storage (NAS) devices. These include:
Linksys E1200 Linksys E2500 Linksys WRVS4400N Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072 Netgear DGN2200 Netgear R6400 Netgear R7000 Netgear R8000 Netgear WNR1000 Netgear WNR2000 QNAP TS251 QNAP TS439 Pro Other QNAP NAS devices running QTS software TP-Link R600VPN”
If you own any of the above devices, check your manufacturer’s support page for updates and advice about defeating VPNFilter. Most should have a firmware update that should protect you entirely from VPNFilter’s attack vectors.
Is It Unfixable?
Luckily, despite the fact it sounds as if VPNFilter will be in routers forever, there are ways to get rid of it. While VPNFilter ensures it persists through the router being powered down, it can’t live through a factory reset. If you put your router through one of those, the malware will get caught up in the wipe and effectively be scrubbed out of your router. Once done, be sure to change your network credentials and disable remote management settings as well. Your details may have been leaked out in the attack, and preventing remote access can stop a future attack from reaching your home PCs and devices.
Vaporising VPNFilter
While VPNFilter is a nasty piece of kit that has elevated itself to the interest of the FBI, it’s not unbeatable! By doing a factory reset, you can clear your router of any malware. Plus, if your manufacturer has pushed out an update, you can avoid being infected again later down the line. Does VPNFilter affect you in any way? Let us know below. Image credit: Router, closeup of a wireless router and a man using smartphone on living room at home ofiice by Casezy idea/Shutterstock