The FBI released a warning on Friday (May 25, 2018) about a security breach by hackers in Russia that targets small office and home office routers as well as some storage servers.

The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices.

William Largent

Threat Researcher, Cisco Talos Intelligence Group

Although the specific way that the devices are affected is unknown,

The malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.

William Largent

Threat Researcher, Cisco Talos Intelligence Group

Defense

According to the FBI, the best steps to stop or prevent the malware include:

  • Reboot the potentially compromised router
  • Upgrade the firmware to the latest version provided by the manufacturer IMMEDIATELY
  • Disable remote-management functionality
  • Disable UPnP
  • Enable encryption
  • Use a strong password
  • DO NOT USE THE DEFAULT PASSWORD ON YOUR DEVICE