Rebooting Router Isn’t Enough For VPNFilter Botnet Removal

A few days ago, the Federal Bureau of Investigation (FBI) issued a report recommending that everyone reboot their routers. The main reason behind this recommendation is that a team of criminal hackers, who might be from Russia, has affected numerous home and office routers and other networked devices all around the world, including the United States. According to the FBI, a malware named VPNFilter botnet has infected more than 500,000 routers and NAS devices. Hence, the advisory states that users need to reboot their routers to disrupt the VPNFilter botnet malware.


In fact, the only way to protect users from the VPNFilter botnet malware is to reset the router to factory defaults. Instead of resetting, most users only reboot their routers, which is why some part of the malware remains on the affected router and gets activated when the router is rebooted. However, before proceeding to the instructions to clean your router and secure it from future malware attacks, you need to know some important facts about the VPNFilter botnet malware.

Everything You Need To Know About VPNFilter Botnet Malware

VPNFilter is malware that mainly targets NAS devices and routers. Its main objective is to steal sensitive files and data and to monitor the network traffic that flows from the device. Once VPNFilter is installed, it works in three different stages, and each stage has specific functions. In the first stage, it gets inside and allows itself to stay on the device for a prolonged period, even when the router is rebooted. In the second stage, the VPNFilter botnet malware allows remote hackers to execute malicious commands and steal data from the device.

This second stage also makes the router and network connection completely non-functional. In the last stage, the VPNFilter malware installs various plug-ins that allow it to perform several illicit tasks, such as communicating over the TOR network, sniffing the network and monitoring SCADA communication. When you reboot your router, stage one will run again, but the second and third stages will not. That is why the FBI has advised rebooting routers: it stops the stage 2 and stage 3 functions of the VPNFilter botnet.

List of the Routers Affected by VPNFilter Malware

Based on the research reports published by Symantec, Cisco and the Security Service of Ukraine, the routers that were most affected by the VPNFilter botnet malware are:

  • Netgear WNR1000
  • Linksys E2500
  • QNAP TS439 Pro
  • Netgear DGN2200
  • Netgear R7000
  • Linksys WRVS4400N
  • QNAP TS251
  • TP-Link R600VPN
  • Netgear R8000
  • Netgear R6400
  • Linksys E1200
  • Netgear WNR2000
  • Mikrotik RouterOS Versions for Cloud Core Routers: 1016, 1036, 1072
  • Other QNAP NAS devices running QTS software


Best Way To Eliminate VPNFilter Malware To Protect Router & NAS

Follow the steps below to remove the VPNFilter botnet malware completely from your router or NAS devices and to protect them from getting infected again:

  • Reset the router to factory defaults.
  • Update the router with the latest firmware.
  • Immediately change the admin password.
  • Also disable the remote admin feature.
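
For anyone tracking more than one device, the sketch below audits an inventory against the model list and the four steps above, and flags devices that were only rebooted. It is an added example, not code from the FBI advisory or the vendors; the CSV column names, host names and sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Models from the article's list. The Mikrotik and "other QNAP" entries are
# defined by software version rather than a model string, so they are omitted.
AFFECTED = [
    "Netgear WNR1000", "Linksys E2500", "QNAP TS439 Pro", "Netgear DGN2200",
    "Netgear R7000", "Linksys WRVS4400N", "QNAP TS251", "TP-Link R600VPN",
    "Netgear R8000", "Netgear R6400", "Linksys E1200", "Netgear WNR2000",
]
# The article's four steps, keyed by hypothetical inventory column names.
STEPS = [
    ("factory_reset", "reset to factory defaults"),
    ("firmware_updated", "update firmware"),
    ("admin_pw_changed", "change admin password"),
    ("remote_admin_off", "disable remote admin"),
]

def norm(model):
    # Compare model names ignoring case, spaces and punctuation.
    return re.sub(r"[^a-z0-9]", "", model.lower())
AFFECTED_KEYS = {norm(m) for m in AFFECTED}
def done(row, column):
    return row[column].strip().lower() == "yes"

def audit(csv_text):
    """Return {host: {"outstanding": [...], "reboot_only": bool}} for listed models."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if norm(row["model"]) not in AFFECTED_KEYS:
            continue
        findings[row["host"]] = {
            "outstanding": [label for col, label in STEPS if not done(row, col)],
            # Per the article, a reboot without a reset leaves stage one in place.
            "reboot_only": done(row, "rebooted") and not done(row, "factory_reset"),
        }
    return findings

# Constructed sample inventory (hosts and values are made up).
SAMPLE = """host,model,rebooted,factory_reset,firmware_updated,admin_pw_changed,remote_admin_off
gw-home,NETGEAR R7000,yes,no,no,no,no
gw-office,Linksys E-2500,yes,yes,yes,yes,no
nas-1,QNAP TS251,no,yes,yes,yes,yes
ap-lab,Example AP100,yes,no,no,no,no
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A device with `reboot_only` set is the case the article warns about: stages two and three were interrupted, but the device still needs the factory reset and the remaining steps.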
