My router is disabled/ destructed by VPNFilter Malware, what should I do?

Q1. What should I do if my router is affected? 

Reboot immediately by performing a hard reset on device! 

Steps to hard reset your Asus router: 

  1. Reset the device to factory default: Hold the Reset button in the rear for at least five seconds until the power LED starts blinking
  2. Update all devices to the latest firmware
  3. Ensure default admin password had been changed to a more secure one
  4. Disable Remote Management (disabled by default, can only be enabled via Advanced Settings)
  5. Enable the URL filter in the Advanced Settings -> Firewall. Set the Filter table type as Black List. Add the "Photobucket" and "toknowall" in the URL filter list. 

Q2. Is my router affected?

List of routers affected: 

  • Asus RT-AC66U
  • Asus RT-N56U (EOL)
  • Asus RT-N10 (EOL)
  • Asus RT-N10E (EOL)
  • Asus RT-N10U (EOL)
  • Asus RT-N66U

Other affected routers can be found here

For any users with the EOL models listed above, we strongly advise you to upgrade to Wi-Fi Hub or Wi-Fi halo router. More information on the routers can be found here

Q3. What is VPNFilter Malware?

VPNFilter Malware is a new threat which targets a range of routers and network-attached storage (NAS) devices are capable of knocking out infected devices by rendering them unusable. It is capable of maintaining a persistent presence on an infected device, even after a reboot.

VPNFilter has a range of capabilities including:

  • Spying on traffic being routed through the device
  • Theft of website credentials
  • Intercepting all traffic going through the device via port 80, meaning the attackers can snoop on web traffic and also tamper with it to perform man-in-the-middle (MitM) attacks
  • Change HTTPS requests to ordinary HTTP requests, meaning data that is meant to be encrypted is sent insecurely
  • Harvest credentials and other sensitive information from the victim’s network
  • Destructive capability and can effectively “brick” the device if it receives a command from the attackers
  • Overwriting a section of the device’s firmware and rebooting, rendering it unusable
  • Monitoring of Modbus SCADA

 For more info, head over to this article.


Chat with our live agents for further assistance


Or, you can submit your query to us here and we
will get back to you within 3 working days


Was this article helpful?
0 out of 0 found this helpful