The “VPNFilter” Scare

VPNFilter is malware that was designed to infect routers.  As of May 24th, 2018, there has been an estimated 500,000 routers infected worldwide.  This list continues to grow daily.  Cisco Talos added a list of additional routers that now brings the risk total to as many as 700,000 infected devices.

What makes VPNFilter so dangerous is that it can maintain a persistent presence on an infected device even after a reboot.  The FBI stated that VPNFilter was designed by a group known as “Fancy Bear”.  If this sounds familiar, it is because this is the same group out of Russia, that allegedly attempted to disrupt the US presidential elections back in 2016.

Should you be concerned?  The simple answer is a resounding YES!  The VPNFilter malware infection can “brick” or render your router useless.  According to Cisco Talos, “the malware can also be leveraged to collect data that flows through the device.” This could be as simple as data mining.  It could even be used to assess the value of the network that the device serves.

VPNFilter appears specifically designed to monitor login credentials entered on websites.  This includes sites like, online email, bank accounts, online shopping, etc.  VPNFilter also appears to watch for communications over the ModBUS SCADA protocol, which in essence affects systems that are used to control automated equipment and internet-of-things (IoT) devices. 

What can you do?

There are several steps to take to ensure that you are safe from the VPNFilter malware. While this list is not comprehensive, it will at the very least help prevent a malware infection.

1. If you can, reset your router to factory default (Warning! Don’t do this unless you have previous experience re-configuring your router.)

2. Upgrade your router’s firmware or check with your ISP provider to see if they have upgraded the firmware on your router

3. Turn off remote administration, unless you absolutely need it

4. Be sure to reset your router password. Default passwords for most router brands and models are readily available on the web.

If you are unsure of any of these steps or require assistance you can always email [email protected]  We will be more than happy to assist you.

For an updated list of affected devices, please visit the Talos blog here.