The FBI has issued an urgent warning asking everyone who owns a home router to reboot the device to thwart a Russian cyber attack. Security researchers at Talos, Cisco’s cyber intelligence unit, warned of the attack by malware named VPNFilter. According to Talos, VPNFilter has infected an estimated 500,000 consumer routers in 54 countries. Routers targeted are Linksys, MikroTik, Netgear and TP-Link, and potentially others.
On Friday the FBI warned that anyone with a small office or home office (SOHO) router should reboot the device to stop the malware. Rebooting is simply turning the device off and then back on again.
According to the FBI, the threat is “significant.” The FBI warning stated that the malware, once it has infected the router, could stop the router from working, collect user information from any device connected to it and possibly block network traffic.
The Justice Department has reported that the malware is connected to a Russian government-backed cyber espionage group that researchers have called Sofacy, APT 28 or Fancy Bear.
The problem is that the FBI can’t determine how VPNFilter is getting on people’s systems. By rebooting the router, owners can disrupt the malware and delete parts of its code. However, the router can be reinfected.
As part of the operation to shut down the malware attack, the FBI, armed with a court order, seized control of a key server in the Kremlin’s global botnet of hacked routers.
The seizure destroys VPNFilter’s ability to reactivate after a router reboots, according to Vikram Thakur, technical director at Symantec. “The payload itself is non-persistent and will not survive if the router is restarted,” said Thakur. “That payload will vanish.”
You can check the security of your router for free by visiting F-Secure.com Router Check.
See also: Oregon FBI Tech Tuesday: Building a Digital Defense Against the “VPNFILTER” Malware