VPNFilter

Your privacy and network security are at risk. Government officials issued a warning about a recently discovered piece of Russian malware. The FBI, Department of Homeland Security, and the Department of Justice are encouraging all internet users to reboot their routers and network-attached storage devices. This new malware threat, known as VPNFilter, is rapidly infecting more than a half-million consumer devices.

What is VPNFilter?

VPNFilter targets Linksys, MikroTik, NETGEAR, and TP-Link networking equipment. It is a multi-stage piece of malware, meaning that it has 3 stages of installation and infiltration. Stage 1 doesn’t do anything malicious; it is installed to establish a presence on the device and to later execute Stages 2 and 3. Once Stage 1 installation is complete, Stages 2 and 3 can begin further infiltration of your router.

Stages 2 and 3 are capable of file collection, data extraction, and spying on your internet traffic. With Stage 2, attackers can issue a self-destruct command, making your router inoperable.

VPNFilter is linked to a group of Russian state-sponsored hackers known as “APT28,” “Fancy Bear” or the “Sofacy Group.” This is the same group of hackers that is accused of interfering with the 2016 presidential election.

How Can You Defend Yourself?

Experts say that a simple reboot can temporarily protect you from VPNFilter. Rebooting your router and network-attached storage devices can disrupt and uninstall Stages 2 and 3 of the malware. After the reboot, Stage 1 remains on the router. The continued presence of Stage 1 allows attackers to reinstall Stages 2 and 3 later. The only way to remove Stage 1 of VPNFilter is to perform a factory reset of your device.

The FBI recommends changing your router’s administration passwords often, and applying the latest available patches and firmware upgrades to the affected devices. People should also consider disabling the remote management settings on their devices. If your device is one of the affected routers, you should start looking for a replacement.