Address

610 Baldwin Street, Jenison, MI 49428

Phones

616-457-2915 877-457-2915

Hours

Mon-Fri 9:00 am to 5:30 pm

VPNFilter

VPNFilter Malware

You may have seen in the news recently that the Federal Bureau of Investigation (FBI) sent out a public service announcement concerning a recent cyber security threat. The recommendation was to reboot your routers. We wanted to get some clarifications out to our customers since some questions have popped up about this.

The warning is about a Russian malware, which is malicious software, called VPNFilter. This malware can install itself on routers to steal website credentials passing through the routers, and also has the destructive capability to "brick" the device (which essentially makes it unusable).

The FBI recommendation was to reboot your router (even if it's not on the list of affected devices) as a way to temporarily disrupt the malware, however, this does not prevent it from being reinstalled. At the very least, additional steps would be to ensure that the most current version of the firmware is installed, remote management is turned off, and that administrative passwords are changed. If a router is known to be infected, which is difficult to detect, it is recommended that the device be factory reset or to completely replace the device.

The current list of affected devices include, but are not limited to:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

The malware mostly targets routers with default passwords and with older firmware.

Whether you have one of the affected devices or not, the recommendation is to reboot your router. Also, the recommendation to make sure your device has the most current version of the firmware installed, remote management is turned off, and that administrative passwords are changed would be a good step for all routers too.

If you need assistance with the recommended steps, please contact us and we can schedule time to assist you.