FBI urging everyone to reboot routers, prevent spread of Russian malware

Resetting the router temporarily removes the infection

Wi-Fi symbol

The FBI is asking everyone to reboot their Wi-Fi routers to help stop the spread of Russian malware.

According to a public service announcement released by the bureau, malicious actors used malware known as ‘VPNFilter’ to compromise hundreds of thousands of routers.

What can it do?

The malware can collect information, block network traffic and exploit devices in other ways. It also contains the ability to issue a “self-destruct” command that makes routers inoperable.

The malware resides within the memory in the router, which gets cleared out when the device is restarted. It is a temporary fix that forces the attackers to re-infect the router. However, restarting the router doesn’t fix the vulnerability that enabled it in the first place.

An analysis by Cisco’s Talos threat intelligence division predicts the malware has affected as many as half a million devices in 54 countries. Additionally, the analysis states the “self-destruct” command can target individual devices or be triggered on a large scale.

Who’s at risk?

There are a number of affected routers from different companies. You can see a full list below. Even if your router is not on the list, it may be better to play it safe and perform a reboot anyway.

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

Having the malware on your router puts you at risk of data theft — any data travelling through the router is at risk — as well as DDOS attacks and attacks on other devices.

Where did it come from?

The attack is suspected to come from a Russian intelligence group known as A.P.T. 28. The FBI has already received permission to seize a web domain critical to controlling the malware. With the domain under its control, the bureau can now bounce any further attempts to infect routers to a FBI server so they can track the IP address of the affected device.

The best thing users can do now is make sure their routers are updated to the newest software. Doing so should patch vulnerabilities like this. Additionally, it’s advisable to turn off a feature called Remote Network Management. This features allows users to configure Wi-Fi and network devices remotely. Doing so can make it harder for attackers to access the vulnerability.

Source: Global News