Barracuda full logo

Are you a victim of this ongoing global attack?

Topics:
May. 29, 2018
|
Christine Barry

We are just coming off a long holiday weekend in the United States, which means that many Americans haven't heard the latest alert from US-CERT and other entities regarding the ongoing VPNFilter malware attack on small and home office routers. Here's Fleming Shi discussing the attack with Scott Budman of NBC Bay Area:

The FBI announced last week that users around the world should reboot their routers and network storage devices to disrupt the botnet built by this malware. The agency states that the botnet is under the control of the Sofacy Group, and is using several stages of malware. The first stage persists through a reboot, and the second stage contains the payload and can even brick the device if instructed. The final stage includes packet sniffers and other tools to monitor traffic and capture credentials and allows the second stage malware to communicate using Tor.

Brian Krebs has an excellent post on what devices are affected and how the malware works on his security blog here. He also has some information on how other technologies such as WPS can play into the vulnerabilities of these routers. If you are responsible for securing networked electronics, this is a must-read.

The best action to take is to power down your SOHO routers immediately, to interrupt the payload. Wait for about a minute and then power back up. Apply the latest patches if available and then make sure that none of your devices are using default credentials. Additionally, Netgear advises customers to turn off remote management on the router, and Linksys recommends factory resets on all infected routers.

The FBI has also seized part of the malware command-and-control infrastructure and is working with domestic and international partners to identify and expose the actors behind VPNFilter.

If you'd like to connect with Fleming Shi, SVP of Technology at Barracuda, you can find him on LinkedIn here.

If you need help restarting your router or you are concerned about a possible infection that you cannot clear, contact the tech support team for your device. You may also be able to download a pdf of the user manual by searching the manufacturer's website for the device model.

Christine Barry

Christine Barry Senior Chief Cybersecurity Storyteller and Content Manager at Barracuda.  Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years.  She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.

Connect with Christine on LinkedIn here.

 

Join our Reddit community!

Related Posts:
Infrastructure defense: Water and wastewater systems
Infrastructure defense: Water and wastewater systems
 Devices, computing, security. It’s all about the edge.
Devices, computing, security. It’s all about the edge.
 Water and wastewater systems in the crosshairs
Water and wastewater systems in the crosshairs
 Defining cyber-physical systems and other connected 'things'
Defining cyber-physical systems and other connected 'things'
Search the blog

The Ransomware Insights Report 2025

Key findings about the experience and impact of ransomware on organizations worldwide

Get the report

Subscribe to the Barracuda Blog.

Sign up to receive threat spotlights, industry commentary, and more.

Managed Vulnerability Security: Faster remediation, fewer risks, easier compliance 

See how easy it can be to find the vulnerabilities cybercriminals want to exploit

WATCH THE WEBINAR

Sign up to receive threat spotlights, industry commentary, and more.

Get all the latest news, research, and analysis delivered right to your inbox.