How to protect yourself from the latest router malware attack

We’ve been warning you about how vulnerable your router can be if it’s not configured properly. Hackers can hijack it to harvest your personal information, commandeer your smart devices, install malware on your computer and redirect your traffic to fake websites.

As you all know, vulnerable routers are always on a hacker’s wish list. Your router, after all, is your main gateway to the internet. It is an important component in our internet-connected households and businesses, and guarding it against malicious intrusions is critical.

One such threat is this new malware that has reportedly infected half a million routers around the world!


Revealed this week by Cisco Talos security researchers, the dangerous malware is now known as VPNFilter and it has already infiltrated half a million routers in dozens of countries, including the U.S. It’s suspected that the compromised routers will soon be used in a major botnet attack.

A botnet, to refresh your memory, is a group of gadgets that hackers have quietly taken over to be used as minions in cyberattacks, typically of the distributed denial-of-service (DDoS) variety.

Note: DDoS is an attack where a targeted website is flooded by an overwhelming number of requests from millions of connected machines (collectively known as a botnet) in order to bring it down.

And get this, VPNFilter even has remote self-destruct capabilities! Yep, it can delete itself and render infected routers inoperable in the process.

Are you affected?

Here’s a list of the targeted devices (courtesy of ArsTechnica):

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

How to remove VPNFilter (and protect yourself, too)

Detecting the presence of VPNFilter on your gadgets is difficult since routers and network-attached storage devices don’t have anti-virus software. However, since VPNFilter is what is known as firmware malware, here are a few mitigation steps you can employ.

Perform a factory reset

To play it safe, if you own any of the models on the list, it’s recommended that you perform a factory reset as soon as possible. Typically, this involves holding down the router’s reset button in the back for five to 10 seconds.

Keep in mind that resetting your router will remove all your configuration settings so you will have to enter them again.

Update your router’s firmware 

Next, make sure you have your router’s latest firmware. You should check for router firmware updates at least once every three months, anyway.

The process is not as hard as it sounds. Once you’re in the router’s admin page, check for a section called “Advanced” or “Management” to look for firmware updates, then just download and apply as required. This practice can also protect your router from future infections.

Change the router’s default password

When you installed your router, did you remember to do this one critical step – changing its default administrator password? Basically, if someone other than you can get into your router’s admin page, then they can change any setting they want.

Make sure you’ve changed the default router password. Every hacker worth his or her salt has access to all the default passwords of every router brand, so you need to create one of your own that’s strong.

Turn off remote administration

While you’re in your router’s administrator page, you can turn off remote administration for better security. Remote administration is a feature that allows you to log into your router over the internet and manage it. If you’ve ever called tech support, you may have experienced something similar.

Remote administration is a handy tool, especially when you need to fix a problem, but because it exposes your router’s admin page to the internet, it leaves your computer vulnerable to hackers. Unless you absolutely need it, turn this feature off. You can find this under your router settings, usually under the “Remote Administration” heading.
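To confirm that remote administration is really off, you can test whether your own router still answers on its admin ports from the internet side. The script below is an added example, not part of the original article; the port list and the function names `open_admin_ports` and `verdict` are assumptions made for illustration.

```python
import socket
import sys

# Assumed list of ports that router admin interfaces commonly listen on;
# check your router's manual for the port its remote administration uses.
ADMIN_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS",
               8080: "HTTP (alternate)", 8443: "HTTPS (alternate)"}


def open_admin_ports(host, ports=ADMIN_PORTS, timeout=2.0):
    """Return the ports on `host` that accept a TCP connection, sorted."""
    reachable = []
    for port in sorted(ports):
        try:
            # A completed handshake means something is listening there.
            with socket.create_connection((host, port), timeout=timeout):
                reachable.append(port)
        except OSError:
            # Refused, filtered or timed out: not reachable from here.
            continue
    return reachable


def verdict(reachable, ports=ADMIN_PORTS):
    """Turn the list of reachable ports into a one-line finding."""
    if not reachable:
        return "OK: no admin ports reachable from this vantage point"
    names = ", ".join(f"{p} ({ports.get(p, 'unknown')})" for p in reachable)
    return f"EXPOSED: turn off remote administration; reachable ports: {names}"


if __name__ == "__main__":
    # Usage: python check_router.py <your-public-ip>
    # Run it from OUTSIDE your home network (for example a phone hotspot);
    # from inside, you only see the LAN side, where the admin page is expected.
    if len(sys.argv) != 2:
        sys.exit("usage: check_router.py <public IP of your own router>")
    print(verdict(open_admin_ports(sys.argv[1])))
```

A reachable port 80 or 443 can also be a port forward you set up yourself rather than the router’s admin page, so open it in a browser to see what actually answers.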
