In conjunction with an FBI-issued PSA on Friday, May 25th, 2018, Muscatine Power and Water is also advocating that owners of small office and home office routers reboot their routers. Hackers, presumably working outside the U.S. for an advanced nation, have infected hundreds of thousands of routers and other networked devices around the world with malware. The hackers are using VPNFilter malware, which performs multiple actions, including collecting personal information, exploiting devices, and blocking network traffic, and which can make small office and home routers inoperable.

The ASUS router that Muscatine Power & Water provides is not on the list of affected devices. According to a Symantec Blog, devices currently known to be affected by VPNFilter include:

  • Linksys: E1200, E2500, and WRVS4400N
  • MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear: DGN2200, R6400, R7000, R8000, WNR1000, and WNR2000
  • QNAP: TS251, TS439 Pro and QNAP NAS devices running QTS software
  • TP-Link: R600VPN

Whether you’re using MP&W’s managed WiFi service, which helps manage these kinds of attacks on your router, or not, we want to help you protect your router and personal information from this malware. Here are 4 steps you can take:

  1. Change the password immediately. If you haven’t updated your router password for a while, it’s a good idea to update it now. When updating or creating a password, try to use a secure password that contains a combination of letters, numbers, and symbols, if possible.
  2. Update your router firmware if there is an update available.
  3. Disable remote management, or don’t enable it, unless it’s truly necessary.
  4. Reboot your router. Rebooting is easy: unplug your router, wait 60 seconds, then plug it back in. It’s recommended to reboot your router at least 1 time per month.

Taking these steps may help safeguard you against becoming a victim of this attack; however, device manufacturers as well as the government have not made it clear that the steps are 100% effective against this attack at this time.

To view a complete technical breakdown of how this malware operates, visit the Talos Intelligence website.

References: Symantec Blog, “VPNFilter: New Router Malware with Destructive Capabilities”, May 23, 2018.