What You Need To Know About the Malware VPNFilter

Some cyber threats out there are dangerous enough to cause major entities to warn against them. Specifically, a recent malware called VPNFilter has been deemed hazardous and prevalent enough that the FBI has addressed it. Since the malware targets routers, it has significant potential to become a considerable problem for your business.

Comprehending VPNFilter
VPNFilter is a malware that hides in your router and stays there even if you restart the device. VPNFilter is known for prioritizing devices in Ukraine, but you should never count on the trend to protect you from known threats. It’s believed that the VPNFilter malware originated from a group called Sofacy. It operates in three basic steps...

The first step: it installs itself on the device and remains there even in the event that the router is rebooted or turned off. Next, the malware will install certain permissions on the router that permits it to change settings, manage files, and execute commands. The router can then proceed to brick itself, making it much more difficult for your business to keep operations moving along. In its concluding stages, this malware lets a hacker view the data packets that are being sent to and from your organization’s device, meaning that they can then also issue commands and communicate with the device via a Tor web browser.

The FBI specifically noted this threat because of its persistence. While resetting the device will disable the second and third steps, the first will remain, creating an endless cycle if you don’t stop it.

Is Your Router Affected?
While not all routers are infected, the number of routers that are is rather substantial. Below is a list of affected brands:

• Asus
• D-Link
• Huawei
• Linksys
• MikroTik
• Netgear
• TP-Link
• Ubiquiti
• Upvel
• ZTE

If you are looking for a more comprehensive list of all affected devices, Symantec has a list on their website: https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware

How You Fix VPNFiler
There is an easy fix to VPNFilter: perform a factory reset on your router. This terminates anything that’s currently installed from the first stage of VPNFilter’s attack. Naturally, it’s also worth mentioning that the manufacturer of the router may have also administered a patch or security update resolving the vulnerability, so be sure to check for that as well so that it will never be an issue again.

For more updates and tech advice, be sure to subscribe to Macro System’s blog or give us a call at 703-359-9211.