FBI Alert: Reset Your Router to Kill Russian-Tied Malware 'VPNFilter'
On May 23, 2018, Cisco's Talos security researchers published a report revealing that a sophisticated, likely state-sponsored actor, believed to be Russian, had infected at least 500,000 small office and home office routers with malware dubbed 'VPNFilter'.
The FBI released a public service announcement on May 25 asking owners of home and office routers to reboot their devices to temporarily disrupt the threat. The disruption is only temporary because a reboot clears the malware's non-persistent later stages, while its first stage survives the reboot and can fetch them again.
Since then, an estimated 200,000 additional routers are believed to be at risk of infection.
The malware's full capabilities are not yet known, but it has been confirmed to be able to:
- Monitor your internet traffic and steal sensitive data, such as website log-ins
- Render the device completely unusable via a “kill” command
- Use your devices to route/launch attacks on other targets
Security firms, like Trend Micro, are also encouraging router owners to do more than reboot their router: perform a factory reset, update the router's firmware, and create a new admin username and password.
Targeted Devices
Asus Devices:
RT-AC66U
RT-N10
RT-N10E
RT-N10U
RT-N56U
RT-N66U
D-Link Devices:
DES-1210-08P
DIR-300
DIR-300A
DSR-250N
DSR-500N
DSR-1000
DSR-1000N
Huawei Devices:
HG8245
Linksys Devices:
E1200
E2500
E3000
E3200
E4200
RV082
WRVS4400N
Mikrotik Devices:
CCR1009
CCR1016
CCR1036
CCR1072
CRS109
CRS112
CRS125
RB411
RB450
RB750
RB911
RB921
RB941
RB951
RB952
RB960
RB962
RB1100
RB1200
RB2011
RB3011
RB Groove
RB Omnitik
STX5
Netgear Devices:
DG834
DGN1000
DGN2200
DGN3500
FVS318N
MBRN3000
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200
WNR4000
WNDR3700
WNDR4000
WNDR4300
WNDR4300-TN
UTM50
QNAP Devices:
TS251
TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link Devices:
R600VPN
TL-WR741ND
TL-WR841N
Ubiquiti Devices:
NSM2
PBE M5
Upvel Devices:
Unknown models (the malware targets Upvel as a vendor, but the specific models could not be determined)
ZTE Devices:
ZXHN H108N
How to Protect Yourself
Factory reset your router
You'll need your router's factory default username and password, because a factory reset restores them.
- Check for a sticker on the router
- Many routers ship with a blank username and the password "admin"
- Check your router's manual
- Check routerpasswords.com
Update your router's firmware
Create a new secure username and password for your router
- Do this immediately after the reset, since the factory defaults are back in effect until you change them.
- Use a password manager, like LastPass, to generate a long, random password.
Make sure remote administration (managing the router from the internet/WAN side) is disabled in the router's settings.
Extra Protection: Force HTTPS websites
Because the malware can intercept and alter the web traffic passing through an infected router, it can rewrite links to secure HTTPS websites so that your browser connects over plain HTTP instead, exposing log-ins and other data in the clear. To make your browser insist on the secured HTTPS version of a site:
Install the HTTPS Everywhere browser extension. *Note: Only available for Google Chrome, Firefox and Opera. Not available for Safari, Edge, or Internet Explorer.* Whatever browser you use, check for the padlock icon and an https:// address before entering credentials, and treat a site that unexpectedly loads over http:// as a warning sign. This is a complement to the steps above, not a substitute for cleaning the router.
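To make the downgrade concrete, here is an added example (not code from the original article, Talos or the FBI) that models both sides of the attack described above: a stripping proxy in the router's position that rewrites https:// links to http:// and drops the Strict-Transport-Security header, beside the browser-side upgrade rule that HTTPS Everywhere style extensions apply before a request leaves the machine. The host names, the ruleset and the sample page are constructed for illustration and are not real sites.

```python
"""
Added example: HTTPS-to-HTTP downgrade ("SSL stripping") by a device on the
network path, and the client-side rule that defeats it.  All hosts, URLs and
the sample HTML page are constructed for illustration.
"""
import re
from typing import Dict, Set, Tuple
from urllib.parse import urlsplit, urlunsplit

HTTPS_SCHEME = re.compile(r"https://", re.IGNORECASE)


# --- Attacker side: what a compromised router can do to a plaintext response ---

def strip_https(headers: Dict[str, str], body: str) -> Tuple[Dict[str, str], str]:
    """Model of a stripping proxy between browser and web server.

    It rewrites every https:// link in the page to http:// so that the
    browser's next request is sent in plaintext, and it removes the
    Strict-Transport-Security header so the browser never learns that the
    site must only be reached over HTTPS.
    """
    stripped_headers = {k: v for k, v in headers.items()
                        if k.lower() != "strict-transport-security"}
    stripped_body = HTTPS_SCHEME.sub("http://", body)
    return stripped_headers, stripped_body


def first_link(body: str) -> str:
    """Return the first href in the page; this is what a user would click next."""
    match = re.search(r'href="([^"]+)"', body)
    return match.group(1) if match else ""


# --- Defender side: an HTTPS Everywhere style upgrade rule in the browser ---

# Constructed ruleset: hosts (and their subdomains) known to serve HTTPS.
KNOWN_HTTPS_HOSTS: Set[str] = {"bank.example", "mail.example"}


def enforce_https(url: str, known_hosts: Set[str] = KNOWN_HTTPS_HOSTS) -> str:
    """Rewrite an http:// URL to https:// when the host, or a parent domain,
    is in the ruleset.  Because the rewrite happens before the request is
    sent, the plaintext link planted by the proxy never produces a plaintext
    request, and the proxy has nothing to intercept.
    """
    parts = urlsplit(url)
    if parts.scheme != "http":
        return url  # already https, or not a web URL: leave it alone
    host = parts.hostname or ""
    labels = host.split(".")
    # Check the host itself and each parent domain, but never the bare TLD.
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in known_hosts:
            # Drop an explicit :80, which would be wrong on an HTTPS URL.
            netloc = host if parts.port in (None, 80) else parts.netloc
            return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
    return url


def downgraded_request(url_user_clicked: str) -> bool:
    """True when a request to a known-HTTPS host would still go out in plaintext."""
    return urlsplit(enforce_https(url_user_clicked)).scheme == "http" and \
        (urlsplit(url_user_clicked).hostname or "") in KNOWN_HTTPS_HOSTS


if __name__ == "__main__":
    # Constructed server response for a page that links to a login form.
    server_headers = {"Content-Type": "text/html",
                      "Strict-Transport-Security": "max-age=31536000"}
    server_body = '<a href="https://bank.example/login">Log in</a>'

    # The infected router rewrites the response on its way to the browser.
    seen_headers, seen_body = strip_https(server_headers, server_body)
    clicked = first_link(seen_body)
    print("link as received by the browser:", clicked)
    print("HSTS header survived:", "Strict-Transport-Security" in seen_headers)

    # A browser with an upgrade rule repairs the link before requesting it.
    print("URL actually requested:", enforce_https(clicked))
    print("still downgraded:", downgraded_request(clicked))
```

The ruleset approach only helps for hosts the browser already knows serve HTTPS, which is why a site you have never visited and that is not in the extension's rules can still be stripped; the padlock check in the text above covers that gap.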