Si Cyber Intel: VPN Filter Botnet - How Rebooting Your Router Isn't Enough
Jun 2018


Recap: The VPNFilter botnet is a type of malware that targeted routers and NAS devices in order to steal information and files and to observe network traffic passing through the devices in real time.

Once installed, the malware works in three specific stages:

  • Stage 1: Once installed, the malware will stay present even when users reboot their routers.
  • Stage 2: Attackers work tirelessly executing demands in order to steal sensitive data. At this stage the router interrupts the user’s network connections.
  • Stage 3: This is the final stage, where various plugins can be installed into the malware. These allow it to monitor or 'sniff' the data flowing over the network links in real time, watch all SCADA communications and communicate over Tor.

What is interesting is that Stage 1 will run again after the router has been rebooted, but Stages 2 and 3 won't. This is why the FBI put the message out asking everyone to reboot their routers in order to disable Stages 2 and 3.

So why isn't just rebooting your router enough?

Rebooting your router will disable the more malicious components of Stages 2 and 3. However, Stage 1 will still be present on the router.

The only way to get rid of the VPNFilter malware is for users to restore their routers to factory settings. The steps to do this are:

  • Reset router back to Factory Settings
  • Upgrade router to the latest firmware software
  • Change admin password
  • Disable remote administration

It is important to note that even though the above will remove the VPNFilter malware and other current threats in the cybersecurity world, this will not protect users forever. Cyberattacks are increasing rapidly, and attackers are constantly discovering and exposing new vulnerabilities.

For this reason, it is important to keep devices continually updated, installing the latest software updates when they become available, to protect against new threats.

For information about Si Cyber’s malware detection and response capabilities, please contact sales@siconsult.com
