Why IT Services Companies Are Key to Fighting VPNFilter

At this point, you’ve probably heard about VPNFilter malware, the extremely advanced, highly malicious cyberattack that the F.B.I. has been warning people about since May.

If you haven’t yet heard about VPNFilter, we highly recommend that you reboot your network router right now.

Hopefully, you rebooted your router just then. If, instead, you’re still reading and wanting to know what VPNFilter is before you take action, this blog is for you. You’ll also learn how IT services companies can help you stay on top of critical threats like VPNFilter, starting now.


What Is VPNFilter?

VPNFilter is a recently discovered, highly advanced malware. It attacks small, home-based internet routers, like the ones you have in your home and office right now. At the last count, the malware had infected over 500,000 routers in at least 54 countries.

The malware has the capability to steal usernames and passwords for all the websites you visit (including your bank account), and it can also destroy your router entirely. This “kill” function that destroys routers is especially worrisome to cyber defense experts because it could cause mass Internet outages in target areas, effectively blacking out cities or nations.


How Does VPNFilter Work?

We’re not going to get too technical here, but, in essence, the malware has 3 stages:

  • Stage 1 infects your router, then downloads a picture from Photobucket.com (an image-sharing site) onto your network, so it can ID your server’s IP address. [Note that a reboot does not delete this portion of the malware, so if you’re infected, you’ll need to talk to an IT services provider to determine your next steps.]
  • Stage 2 uses the server IP address that stage 1 identified, so it can infect your servers and control your network. This stage can kill your devices, download files, execute files, and more. [A reboot will delete this portion of the malware.]
  • Stage 3 enhances stage 2 capabilities by allowing the malware to actively track your network traffic and data. [A reboot will delete this portion of the malware.]


Who Is Affected by the Malware?

As we mentioned earlier, 500,000+ routers have already been infected. Though research is currently ongoing (read this Talos Intelligence post for updates), routers from the following popular brands have already been identified as susceptible to the malware.

If your router is from one of the brands below, we recommend an immediate reboot.

  • Linksys
  • MikroTik
  • Netgear
  • TP-Link
  • ASUS
  • D-Link
  • Huawei
  • Ubiquiti
  • ZTE


How Can You Protect Your Business?

Though it can be hard to rid your system of the malware entirely without a factory reset or a full wipe, it’s quite easy to mitigate the attack. All you have to do is:

  • Update your router’s firmware by accessing the admin panel of your router. (Not sure how to do this? Call the number on your most recent Internet bill and ask for help – or ask us.)
  • Reboot your router in one of 2 ways:
    1. Unplug your router entirely, wait 60 seconds for it to reset, and then plug it back in.
    2. Go to your router’s admin panel and click “reboot” (preferred method).
  • Reset your router passwords so they’re not the default ones. These default passwords are not secure; in fact, a quick Google search will reveal anyone’s default router password.

After you’ve performed these three steps, it’s a good idea to continuously monitor your network for the confirmed VPNFilter activity listed near the end of the Talos Intelligence page. However, if you don’t have an IT department or a Managed Services Provider (MSP), ongoing monitoring will be very difficult, perhaps impossible, to accomplish.
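For readers who do have access to their DNS logs, here is an added example (not part of the original post, and not Interplay's or Talos's code) of one monitoring check: flagging lookups of the stage 1 site that come from the router itself rather than from a user's computer. The dnsmasq-style log format, the router addresses, and the placeholder watchlist entry are assumptions; the sample log lines are constructed.

```python
import re

# Assumption: addresses the router uses for its own lookups (not from the post).
ROUTER_SELF = {"127.0.0.1", "192.168.1.1"}

# photobucket.com is the stage 1 download site named in the post. Any further
# indicators must be copied from the Talos list; the second entry is a placeholder.
WATCHLIST = {"photobucket.com", "indicator-from-talos-list.example"}

# Assumption: dnsmasq-style lines, "<date> dnsmasq[pid]: query[TYPE] <name> from <ip>".
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?query\[(?P<qtype>\w+)\]\s"
    r"(?P<name>\S+)\sfrom\s(?P<src>\S+)$"
)

def matches_watchlist(name, watchlist=WATCHLIST):
    """True if name is a watched domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watchlist)

def find_router_lookups(lines, router_ips=ROUTER_SELF, watchlist=WATCHLIST):
    """Return (timestamp, source, name) for watched lookups made by the router."""
    hits = []
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, DHCP messages, malformed lines
        name = m["name"].lower().rstrip(".")
        # A user browsing an image-sharing site is normal; the router doing so is not.
        if m["src"] in router_ips and matches_watchlist(name, watchlist):
            hits.append((m["ts"], m["src"], name))
    return hits

# Constructed sample log, for illustration only.
SAMPLE_LOG = """\
Jun  5 10:00:01 dnsmasq[412]: query[A] www.example.org from 192.168.1.50
Jun  5 10:00:07 dnsmasq[412]: query[A] photobucket.com from 192.168.1.50
Jun  5 10:02:13 dnsmasq[412]: query[A] photobucket.com from 127.0.0.1
Jun  5 10:02:13 dnsmasq[412]: reply photobucket.com is 203.0.113.10
Jun  5 10:05:40 dnsmasq[412]: query[AAAA] notphotobucket.com from 127.0.0.1
Jun  5 10:09:02 dnsmasq[412]: query[A] i.Photobucket.com. from 192.168.1.1
""".splitlines()

if __name__ == "__main__":
    for ts, src, name in find_router_lookups(SAMPLE_LOG):
        print(f"{ts}  router address {src} looked up {name}")
```

A clean result from this check does not prove a router is uninfected, since it only sees lookups that reach this particular log.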

If you aren’t sure how to complete any of these steps, you can ask your Internet Service Provider (such as Comcast Xfinity) to help, or you can hire an IT Managed Services company that specializes in helping businesses like yours.


What Can an IT Managed Services Company Do to Help?

Of course, when you’re working with an IT services company, you won’t have to worry about any of this. It’ll all be taken care of for you. IT services pros will have already reset your default passwords, downloaded the latest firmware, and rebooted your router for you – plus, they’ll actively monitor your systems around the clock to ensure your entire network stays protected at all times.

Looking for an IT Managed Services company in the Seattle area to help you defend your business? Check out Interplay, one of the city’s longest standing Managed Services Providers.

Since 2001, Interplay’s hands-on IT experts have been helping Seattle-area companies secure their computers and networks against disasters, cyber threats, and even plain old user errors. (It happens.)

Secure your business systems with world-class backup/business continuity services, around-the-clock network monitoring, a 24/7 on-call team, and IT pros who are always happy to come to your offices, roll up their sleeves, and get to work fixing your IT.

Secure your business with Interplay.


Contact Interplay to request a complimentary scan of your network, so you can check if your business is currently vulnerable to VPNFilter.