VPN Filter Malware alert

Recently, you may have received a letter and/or email from Virgin Media explaining we’ve been told that an online device on your network contains the malware VPNFilter. If you’ve received this note from us, please follow the advice on this page to help fix the problem.

Overview

VPNFilter is a form of malware that specifically targets networking equipment running on a home network – specifically internet routers and Network Attached Storage (NAS) devices.

If we think that a customer has become infected with malware, we’ll send them an alert giving an overview of the malware infection and advice on what to do next.

What’s happened?

We work with a number of not-for-profit organisations across the banking industry and security sectors that collate information on devices across the internet that are infected with malware. They’ve let us know that a device connected to your Virgin Media broadband is infected with malware.

We’re unable to specify exactly which device in your home is infected, but it’s likely to be either a Network Attached Storage (NAS) device or an internet router that’s not been provided by us.

To ensure your personal and financial data isn’t compromised, you’ll need to follow the steps below to remove the malware as soon as possible.

What can I do about it?

If you know a few of the basics when it comes to computers and connected devices, there are a number of steps you can take to secure your home network. *

Please select a scenario that fits your situation:

If you’re using a 3rd party router in conjunction with your Virgin Media Hub, it may be infected with the VPNFilter Malware. To remove the infection, please follow the below steps in order:

Remove the router from your Virgin Media Hub

Disconnect the 3rd party router from your Virgin Media Hub so that it disconnects the affected router from the internet.

Factory reset the router

In order to successfully remove the malware from the router, a full factory reset is required to bring it back to its default settings. Most routers will allow you to do this through the same configuration page that you may use to change your wireless password and network name.

For specific instructions on how to do this, please refer to the manual that came with your router or contact the manufacturer. Please note that this action will remove any custom data or settings from the device.

Change the admin password for your router

It’s likely that the default admin password was used by a 3rd party to log in to your router to install the VPNFilter malware. These default passwords are often used for many systems provided by the same manufacturer, so they’re not unique.

To avoid being infected again, we recommend changing the admin password used to access your router’s admin pages to something that’s unique to you.

Update the software on your router

It’s also possible that a malicious 3rd party exploited a known security flaw present in an older version of the software running on your router in order to gain access and install the malware.

Updating the software/firmware on your router to the latest version is the best way of protecting your device from being infected again in this manner. We also recommend enabling automatic updates if this option is available in order to help keep your router up to date.

For specific instructions on how to do this on your router, please refer to the manual that came with your router or contact the manufacturer.

Change any ‘default’ passwords used by other devices

To best protect all the devices in your home from future security issues, we strongly recommend that you change the default passwords of any devices connected to your home network.

Devices that are commonly sent with default passwords are internet connected appliances such as routers, Network Attached Storage (NAS) devices and CCTV systems.

For specific instructions on how to do this for these devices, please refer to the manual that came with the device or contact the manufacturer.

Disable remote access

It’s also recommended to turn off remote access/remote management if you don’t have reason to access your router outside of your home.

Remote access is generally disabled by default, but if you’re unsure how to check this on your router or for specific instructions on how to disable it, please refer to the manual that came with your router or contact the manufacturer.

If you’re using a Virgin Media Superhub or Hub 3, you can rest assured that we have no evidence to suggest your router is vulnerable to being infected with VPNFilter.

If the malware has been detected on your home network, it may be present on a Network Attached Storage (NAS) device running in your home. There’s no evidence to suggest other types of internet connected devices are being targeted by this malware.

To remove the infection, please follow the below steps in order:

Backup any data you want to keep

Before taking steps to remove the Malware from a Network Attached Storage (NAS) device in your home, we strongly recommend you backup any data you want to keep from the device as removing the VPNFilter malware infection will involve restoring your NAS device back to factory settings.

The method for backing up data from your NAS device to a computer varies between different makes and models of NAS devices, for specific instructions on how to do this for your device please refer to its manual or contact the manufacturer.

Factory reset your NAS device

Please note this step will remove ALL the data stored on your NAS device, this may include any photos, videos or other files that you may have uploaded to it. Please backup your data.

In order to remove the VPNFilter infection from your NAS device, it will need to be restored to factory settings. Most systems will allow you to do this through the same configuration page that you may use to configure other parts of your NAS device.

For specific instructions on how to do this, please refer to the manual that came with your system or contact the manufacturer.

Please note that simply rebooting the device will be insufficient, a full factory reset is required to completely remove the infection.

Change the admin password for your device

It’s likely that the default admin password was used by a 3rd party to login to your system to install the VPNFilter malware. These default passwords are often used for many systems provided by the same manufacturer, so they are not unique.

To avoid being infected again, we recommend changing the admin password used to access your system’s configuration page to something that’s unique to you.

Update the software/firmware

It’s also possible that a malicious 3rd party exploited a known security flaw present in an older version of the software running on your system in order to gain access and install the malware on your NAS device.

Updating the software/firmware on your NAS device to the latest version is the best way of protecting your device from being infected again in this manner. We also recommend enabling automatic updates if this option is available in order to help keep your device up to date.

For specific instructions on how to do this on your device, please refer to the manual that came with your NAS device or contact the manufacturer.

Change any ‘default’ passwords used by other devices

To best protect all the devices in your home from future security issues, we strongly recommend that you change the default passwords of any devices connected to your home network.

Devices that are commonly shipped with default passwords are internet connected appliances such as routers, Network Attached Storage (NAS) devices and CCTV systems.

For specific instructions on how to do this for these devices, please refer to the manual that came with the device or contact the manufacturer.

 

Further advice

It’s possible that other devices that connect to your broadband connection could have become compromised as a result of the VPNFilter malware. It is therefore important to follow the below steps:
 

Run anti-virus scans on all devices

The easiest way to do this is by using an online virus scanner. If you have an existing security package installed, check the instructions to see how to remove infections from your devices. If you do not have an existing anti-virus, we would recommend installing one as soon as possible.
 

Change passwords for all your accounts

Once you have run anti-virus scans and removed any potential malware, you should change the passwords for all the online and email accounts you use.

If a malicious third party got hold of any of your passwords as a result of the malware infection, it‘s very likely they tried to or will try to use the same passwords across as many websites and online services as possible. This is in the hope that the same passwords are used for other accounts you use online.

When changing your passwords, it’s important you use different ones for all your online accounts and pick strong passwords that are difficult to guess. For more information on how to do that, please visit virginmedia.com/strongpassword
 

Activate Web Safe

To help avoid future infections, we recommend turning on Virus Safe – available as part of our free Web Safe service. Web Safe will help you block access to websites known to be infected with or spread malware. To access Web Safe, just register or sign in to Your Account at virginmedia.com/myvirginmedia and select My Apps.

 

How do I know I’m now safe?

If you have followed the above advice & have rescanned your device and found it to be clean, you should have resolved the issue.

If you would like further advice or to verify that this is a genuine Virgin Media communication then our community will be happy to help. Just visit virginmedia.com/community, select 'Help forum' and join in the conversation on the Security Matters board.

Where can I find further information and advice?

If you’d like further advice then our forum community will be happy to help. Just visit virginmedia.com/community and join the conversation on our Security Matters board.

You can find general security advice and articles on other vulnerabilities by checking Security Hub at virginmedia.com/securityhub

 

Internet Matters

Virgin Media supports Internet Matters: a not-for-profit organisation working with online safety experts to bring you all the information you need to help keep your children safe online.

For more information about Internet Matters, please click here

 

*Note: This article is intended to provide advice. Virgin Media is not responsible for any issues encountered in the course of resolving the issue and is not able to provide any technical support for such problems.

**Links to external sites are provided as a courtesy and virgin media is not responsible for the content of these sites or any issues encountered as a result of  applying information from these sites. Virgin media are not able to provide any technical support for such problems.


Need more help


    Ask our community

  • Helpful, friendly forums
  • Packed with tips and advice
  • Staffed by Virgin Media

   


    Contact us

  • Get in touch with our friendly team
  • Waiting times may vary
  • Free from Virgin Media phones or mobile