FBI Alert: Reset Your Router to Kill Russian-Tied Malware 'VPNFilter'

 Perform a factory reset on your home router to avoid spreading malware.


On May 23, Cisco's Talos security researchers published an article revealing that an advanced nation state, believed to be Russia, injected malware into 500,000 small and home office routers.

The FBI released a public service announcement on May 25 asking owners of home and office routers to reboot their routers to temporarily disrupt the threat.

Since then, an additional 200,000 routers are believed to be at risk of being infected with the malware.

The full capabilities of the malware are unknown, but it is capable of the following:

  • Monitor your internet traffic and steal sensitive data, such as website log-ins
  • Render the device completely unusable via a “kill” command
  • Use your devices to route/launch attacks on other targets

Security firms, like Trend Micro, are also encouraging router owners to do more than reboot their router: perform a factory reset, update the router's firmware, and create a new admin username and password.

Targeted Devices

Asus Devices:
RT-AC66U
RT-N10
RT-N10E
RT-N10U
RT-N56U
RT-N66U

D-Link Devices:
DES-1210-08P
DIR-300
DIR-300A
DSR-250N
DSR-500N
DSR-1000
DSR-1000N

Huawei Devices:
HG8245

Linksys Devices:
E1200
E2500
E3000
E3200
E4200
RV082
WRVS4400N

Mikrotik Devices:
CCR1009
CCR1016
CCR1036
CCR1072
CRS109
CRS112
CRS125
RB411
RB450
RB750
RB911
RB921
RB941
RB951
RB952
RB960
RB962
RB1100
RB1200
RB2011
RB3011
RB Groove
RB Omnitik
STX5

Netgear Devices:
DG834
DGN1000
DGN2200
DGN3500
FVS318N
MBRN3000
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200
WNR4000
WNDR3700
WNDR4000
WNDR4300
WNDR4300-TN
UTM50

QNAP Devices:
TS251
TS439 Pro
Other QNAP NAS devices running QTS software

TP-Link Devices:
R600VPN
TL-WR741ND
TL-WR841N

Ubiquiti Devices:
NSM2
PBE M5

Upvel Devices:
Unknown Models*

ZTE Devices:
ZXHN H108N

How to Protect Yourself

Factory reset your router

You'll need your factory default username and password.

  • Check for a sticker on the router
  • By default, it could be a blank username and the password "admin"
  • Check your router's manual
  • Check routerpasswords.com

Update your router's firmware

Create a new secure username and password for your router

  • Use a password manager, like LastPass, to generate a new secure password.

Make sure remote administration is disabled in the router.

Extra Protection: Force HTTPS websites

Because the malware can manipulate where your web traffic goes, it targets secure HTTPS websites and downgrades them to HTTP. To force your browser to go to the secured HTTPS version of the site:

  • Install the HTTPS Everywhere browser extension. *Note: Only available for Google Chrome, Firefox and Opera. Not available for Safari, Edge, or Internet Explorer.
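
One way a downgrade like the one described above can become visible is as links and form targets that have lost their `https://`. The following Python check is an added example, not part of the original article and not how HTTPS Everywhere itself works: it lists plain-HTTP URLs in a saved page that point at hosts you expect to be HTTPS-only. The host list and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts you expect to be reached only over HTTPS (constructed list).
HTTPS_ONLY_HOSTS = {"bank.example", "mail.example"}

# Attributes that carry a URL the browser will load or submit to.
URL_ATTRS = {"href", "src", "action"}


class DowngradeFinder(HTMLParser):
    """Collects plain-HTTP URLs that point at hosts expected to use HTTPS."""

    def __init__(self, https_only_hosts):
        super().__init__()
        self.hosts = {h.lower() for h in https_only_hosts}
        self.findings = []  # (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            parts = urlsplit(value.strip())
            host = (parts.hostname or "").lower()
            # Match the host itself or any subdomain of it.
            expected = any(host == h or host.endswith("." + h) for h in self.hosts)
            if parts.scheme.lower() == "http" and expected:
                self.findings.append((tag, name, value.strip()))


def find_downgraded_urls(html, https_only_hosts=HTTPS_ONLY_HOSTS):
    finder = DowngradeFinder(https_only_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: one form and one link have lost their "https".
SAMPLE_PAGE = """
<a href="https://bank.example/help">Help</a>
<form action="http://login.bank.example/session" method="post"></form>
<a href="HTTP://mail.example/inbox">Inbox</a>
<img src="http://cdn.other.example/logo.png">
<a href="/relative/path">Relative</a>
"""

if __name__ == "__main__":
    for tag, attr, url in find_downgraded_urls(SAMPLE_PAGE):
        print(f"<{tag} {attr}> points at plain HTTP: {url}")
```

A login form whose `action` is plain HTTP is the finding to act on first, since that is where credentials would be submitted.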



Marc Cunningham