VPNFilter Malware: What You Need to Know

VPNFilter is malware targeting select Linksys, MikroTik, TP-Link, and Netgear home or small-office routers. There is also evidence that QNAP network-attached storage (NAS) devices are vulnerable.

The FBI released guidance to reboot or power cycle (unplug, then plug back in) your router as a way to mitigate the malware. This malware is destructive and may render your router or NAS unusable. The FBI guidance is to conduct a factory reset to ensure your device has no trace of the VPNFilter malware. Performing a factory reset may result in lost information or configuration settings. A backup of your configuration settings may have been corrupted by VPNFilter, so it is advised not to restore from a backup of your configuration settings.

According to Cisco Talos, the following devices are confirmed vulnerable (note: this list is not all-inclusive; other devices may be added as more information becomes available):

LINKSYS DEVICES:

E1200
E2500
WRVS4400N

MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS:

1016
1036
1072

NETGEAR DEVICES:

DGN2200
R6400
R7000
R8000
WNR1000
WNR2000

QNAP DEVICES:

TS251
TS439 Pro

Other QNAP NAS devices running QTS software

TP-LINK DEVICES:

R600VPN

 

Post by Remote Process