New Malware Attacks Routers: What Churches Should Do

Is your church at risk?

The FBI recently issued a formal public service announcement (PSA) about a piece of malware called VPNFilter that is infecting routers used in homes and small businesses at an alarming rate. What sets this strain apart from others is that no one is quite sure what its impact will be, since it is a very sophisticated piece of malicious software.

What VPNFilter malware does

The malware uses default credentials to infect routers, meaning that it can be avoided by changing passwords and other security settings on devices. It “sniffs” data on the network where an infected device is physically located, gathering the passwords, usernames, and other credentials on that network. This can include supervisory control and data. VPNFilter can also serve as a relay point to hide the origin of incoming attacks that later use that information.

This software installs itself in three stages, and the impact of the third stage is not well known. The FBI has advised that everyone should reboot their routers, under the belief that this will mitigate the malware and prevent the third stage from executing in the future. However, this is not entirely correct in a technical sense.

Security engineers at Cisco Talos and Symantec recommend that people and organizations who own affected devices do a factory reset. This will remove the malware, but it also restores the router to all original settings. Because the malware is designed to operate secretly in stages, it is difficult to tell whether a router has been infected. So if your church’s router is listed below, you will want to have your internal IT resource or contracted IT provider perform a factory reset and reconfiguration of the router.

Steps churches should take

Protect your church’s router by taking the following steps.

1. Check to see if you are using any of the following routers:

  • ASUS: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, RT-N66U
  • D-Link: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, DSR-1000N
  • Huawei: HG8245
  • Linksys: E1200, E2500, E3000, E3200, E4200, RV082, WRVS4400N
  • Mikrotik: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011, RB Groove, RB Omnitik, STX5
  • Netgear: DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, UTM50
  • QNAP: TS251, TS439 Pro, and other QNAP NAS devices running QTS software
  • TP-Link: R600VPN, TL-WR741ND, TL-WR841N
  • Ubiquiti: NSM2, PBE M5
  • UPVEL: Unknown models
  • ZTE: ZXHN H108N

2. If your router is listed above, perform a factory reset. This is typically accomplished by using something small and pointed, such as a straightened paperclip, to push the reset button on the back of the unit for 10 to 30 seconds (time varies by model). Note that you will need to set up the router again and reconnect devices that use it. Visit your router manufacturer’s website for instructions on performing a factory reset and setting up your router.

3. Whether or not your router is on the list above, you should change the password from the default. Visit your router manufacturer’s website for instructions. Note that if you do a factory reset, you will need to change the default password after performing the reset.

—Lisa Traina

This article is adapted from the blog post “Half a Million Routers Are Infected with Malware—Is Yours?” The post originally appeared on CapinCrouse.com. Used with permission.

This content is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. "From a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations." Due to the nature of the U.S. legal system, laws and regulations constantly change. The editors encourage readers to carefully search the site for all content related to the topic of interest and consult qualified local counsel to verify the status of specific statutes, laws, regulations, and precedential court holdings.
