"Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide," the FBI's public service announcement reads. "The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic." It can also "destroy the devices with a single command," explains Ars Technica.
Routers were left infected even though the FBI seized a website used to direct hacked routers, which "cut off malicious communications," according to Reuters.
According to a post from Symantec, the following devices are vulnerable to the malware:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
Symantec notes that rebooting your device will remove any "stage 2" or "stage 3" elements downloaded by VPNFilter. Rebooting will "(temporarily at least) remove the destructive component of VPNFilter." However, those removed elements could be reinstalled by hackers. After rebooting the router, "you should then apply the latest available patches to affected devices and ensure that none use default credentials," writes Symantec.