FBI Alert – over 70 router models hacked

FBI alert – check your router!

The FBI is suggesting that home and small business network routers are rebooted to disrupt malware named “VPNFilter” that is infecting many types of devices connected to the Internet. Click here for the official FBI alert. “VPNFilter” can cause routers to become inoperable but even worse than that is that it can collect information passing through the router. Think online banking, passwords, personal and customer data … and know the potential damage is significant. Also know that the problem is far more widespread than was known when the FBI issued the alert on May 25th, 2018.

How to TEMPORARILY stop the malware in your router:

1. Turn off the router.
2. Unplug the router from the electrical outlet.
3. Leave the router unplugged for 30-60 seconds.
4. Plug the router back into the electrical outlet and power it back on.
5. Reconnect to the Internet.

If you have the technical know how or know someone else with technical abilities who can help you, here are additional recommendations that are more reliable:

1. Do a hard reboot or factory reset (aka 30-30-30 Router Reset). (See directions and explanations in this article on Livewire)
2. Change your router’s password.
3. Update your router’s firmware to the latest version.
4. Disable remote management settings.
5. To be super safe, confirm all of this with the manufacturer of your router because the number of infected devices keeps growing (see partial list below)

Devices identified as being impacted by VPNFilter malware

Initially only a dozen or so routers were identified as being infected but in the last couple of days, the list has grown significantly. I recommend taking action regardless of whether or not your router is on any list or not. Since some of the infecrted routers are brand new, I also recommend contacting  the manufacturer for the most updated way to handle this on a case by case basis. (Start by going to their websites in case the answers are already posted.)

• ASUS: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, RT-N66U – All are new.
• D-LINK: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, DSR-1000N – All are new.
• HUAWEI: HG8245 (new)
• LINKSYS: E1200, E2500, E3000 (new),  E3200 (new), E4200 (new), RV082 (new), WRVS4400N
• MIKROTIK: CCR1009 (new), CCR1016, CCR1036, CCR1072, CRS109 (new), CRS112 (new), CRS125 (new), RB411 (new), RB450 (new), RB750 (new), RB911 (new), RB921 (new), RB941 (new), RB951 (new), RB952 (new), RB960 (new), RB962 (new), RB1100 (new), RB1200 (new), RB2011 (new), RB3011 (new), RB Groove (new), RB Omnitik (new), STX5 (new)
• NETGEAR: DG834 (new), DGN1000 (new), DGN2200, DGN3500 (new), FVS318N (new), MBRN3000 (new), R6400, R7000, R8000, WNR1000, WNR2000, WNR2200 (new), WNR4000 (new), WNDR3700 (new), WNDR4000 (new), WNDR4300 (new), WNDR4300-TN (new), )UTM50 (new)
• QNAP: TS251, TS439 Pro, Other QNAP NAS devices running QTS software
• TP-LINK: R600VPN, TL-WR741ND (new), TL-WR841N (new)
• UBIQUITI: NSM2 (new), PBE M5 (new)
• UPVEL: Unknown Models* (new)
• ZTE : ZXHN H108N (new)

Please remember that it’s not only computers that can become infected by this type of malware. Devices such as cell phones and other Internet enabled devices are at risk too. It may be crazy thinking about it, but even a smart refrigerator, a baby monitor or a home security system can be compromised. What a crazy world we live in, right?

Until next time, … Stay Cyber Safe!