VPNFilter — malware that affected more than 500 000 routers worldwide
VPNFilter virus is a program that infected half a million routers.
VPNFilter malware is a highly sophisticated modular cyber threat that is capable of inflicting tremendous damage on routers (such as MikroTik, Linksys, Netgear, TP-Link) and network-attached storage devices. The activity of the virus was first spotted back in 2016, although the attacks spiked sharply in May 2018, infecting over 500,000 devices in 54 countries. Researchers believe that the cyber threat was created in Russia and is heavily sponsored by the government. VPNFilter capabilities are awe-inspiring: it can downgrade HTTPS communication to collect sensitive data, gain administrative rights on the device, conceal the attackers using sophisticated techniques, and even disable the targeted device, which would allow hackers to block the internet connection of thousands of users simultaneously.
| Strategy | Add malicious content to the traffic that passes through a router |
| Main dangers | Can steal sensitive data |
| Distribution | Through software and device vulnerabilities |
| Treatment | Rebooting your router, upgrading, scanning the system for possible threats with Reimage |
In the past, security experts stated that VPNFilter malware performs man-in-the-middle attacks on incoming router web traffic. The SSLER module was used to inject payloads that exploit devices connected to the infected network. The module can also be used to modify the content delivered by websites.
TLS encryption is designed to prevent attacks like this one. To bypass this protection, the SSLER module downgrades secure HTTPS to plaintext HTTP, which signals to the endpoint that encrypted connections can't be used.
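A defender's check for the downgrade described above, as an added example that is not part of the original article: it compares a copy of a page fetched over a trusted path with the copy received behind the router under test and reports where HTTPS was replaced by HTTP. The function names, the capture layout and the sample data are assumptions made for illustration.

```python
import re

# Absolute URLs inside href/src/action attributes.
ATTR_URL = re.compile(r"""(?:href|src|action)\s*=\s*["'](https?://[^"'\s>]+)""", re.I)

def urls_in(html):
    return set(ATTR_URL.findall(html))

def downgraded_links(baseline_html, observed_html):
    """https:// URLs from the trusted copy that appear only as http:// in the observed copy."""
    observed = urls_in(observed_html)
    hits = []
    for url in sorted(urls_in(baseline_html)):
        if not url.lower().startswith("https://"):
            continue
        plain = "http://" + url[len("https://"):]
        if plain in observed and url not in observed:
            hits.append(url)
    return hits

def assess(baseline, observed):
    """Compare two captures of the same page and return downgrade findings."""
    findings = []
    if baseline["scheme"] == "https" and observed["scheme"] == "http":
        findings.append("page served over plaintext HTTP")
    base_h = {k.lower() for k in baseline["headers"]}
    obs_h = {k.lower() for k in observed["headers"]}
    if "strict-transport-security" in base_h and "strict-transport-security" not in obs_h:
        findings.append("HSTS header missing")
    for url in downgraded_links(baseline["body"], observed["body"]):
        findings.append("link downgraded: " + url)
    return findings

# Constructed sample captures (not real traffic): the same login page fetched
# over a trusted path and from behind the router under test.
TRUSTED = {
    "scheme": "https",
    "headers": {"Strict-Transport-Security": "max-age=31536000", "Content-Type": "text/html"},
    "body": '<form action="https://bank.example/login"><img src="https://cdn.example/logo.png">'
            '<a href="http://bank.example/help">Help</a></form>',
}
OBSERVED = {
    "scheme": "http",
    "headers": {"Content-Type": "text/html"},
    "body": '<form action="http://bank.example/login"><img src="https://cdn.example/logo.png">'
            '<a href="http://bank.example/help">Help</a></form>',
}

if __name__ == "__main__":
    for finding in assess(TRUSTED, OBSERVED):
        print(finding)
```

Links that were already plain HTTP in the trusted copy are not reported, so the findings point only at changes made between the server and the client.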
Security researchers from Cisco initially thought that the targets of the VPNFilter virus were routers in small offices and homes, which could be used to carry out attacks on the primary victims. Nevertheless, the discovery of the SSLER module confirmed that the targets are the users themselves.
Hackers can manipulate everything that comes in and out of the compromised device. For example, sophisticated VPNFilter malware can modify the online bank account web page to look normal, while in reality the money can be long gone.
Another alarming feature of VPNFilter malware is that it is capable of disabling the device entirely by overwriting its firmware and rebooting it. Regular users are then unable to fix the device, as this requires technical skills and specific tools. The worst part is that attackers could potentially disable the internet for entire regions in targeted countries.
It is essential to proceed with VPNFilter malware removal and with the procedures that restore your router's security. These devices are known to have been compromised at the time:
- Linksys: E1200, E2500, WRVS4400N
- MikroTik: 1016, 1036, 1072
- Netgear: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000
- QNAP: TS251, S439 Pro, and other QNAP NAS devices running QTS software
- TP-Link: R600VPN
It is difficult to tell if your device has been affected because the malware is designed to operate in multiple stages and to go unnoticed. The list of devices above is definitely not complete, and many more might be vulnerable to the attack. You should remove any programs associated with VPNFilter malware that you find while using anti-malware tools like Reimage.
New features make VPNFilter malware even more dangerous than everyone thought
July 2018 came with more news about VPNFilter malware. The malicious program might be much more dangerous than initially thought. It appears that the malware can attack endpoints that should be safely hidden behind the firewall. The number of affected devices has risen from 500 000 to almost a million all around the world.
At first, it was believed that only 15 or 20 different types of routers were affected, but information has now surfaced about 50 others. Also, there are new features added to the mix:
- VPNFilter malware is now able to add malicious content to the traffic that passes in and out of the router;
- The virus can install malware onto the computer connected to the router;
- Passwords can be stolen alongside other sensitive information.
Many security researchers believe that VPNFilter malware is not going to be terminated any time soon and will only evolve instead. The virus constantly expands the list of devices it can infect, which means that more people will be affected by this sophisticated, multi-stage cyber threat.
Vulnerabilities are used to the virus developers' advantage
There is no way to tell if your computer is infected, or at least no easy way. The only way to get a hint is to check a list of vulnerable routers' names and see if yours is among them. This malware spreads by targeting devices with known flaws and weaknesses.
Resetting factory settings might help, so you definitely should try that. You can also reduce the possibility of infection if you upgrade to the newest version of the router, where the vulnerabilities are patched. Nevertheless, it is extremely hard to tell if your router is infected at the first stage of the attack. However, there is a possibility to fix these issues.
Eliminate VPNFilter malware related problems
To remove VPNFilter malware, you should first reboot the router. Turn your device off and then back on. This may disrupt the cyber threat. It can help to unload later-stage components, but after this the malware might start the first stage of the attack again. The most dangerous activities can be disabled, but the virus will remain inside the device.
The best VPNFilter malware removal option is resetting your router back to factory default settings. This will also reboot the device. It means you need to set up your router again, adding a password and network configuration. Secure the device with a new password that is strong and unique.
You can check the manufacturer's website for information about this infection. Upgrade your device's drivers to the latest version available – there is a high chance that vulnerabilities will no longer be there.