Thousands of home and small business routers infected, FBI urges rebooting them



If you have a router in your home or small business, the FBI is urging you to reboot it. A global botnet attack left thousands of routers infected, and the FBI’s recommendation comes after it seized a website connected to the botnet.

The botnet, dubbed VPNFilter, infected thousands of routers and is believed to be the work of the “Sofacy Group.” Also known as APT28 and Fancy Bear, the group is suspected to be linked to Russian intelligence. Routers in over 50 countries have been infected, and it is believed that the primary target was going to be Ukraine.

“Today’s announcement highlights the FBI’s ability to take swift action in the fight against cybercrime and our commitment to protecting the American people and their devices,” said FBI Cyber Division Assistant Director Scott Smith. “By seizing a domain used by malicious cyber actors in their botnet campaign, the FBI has taken a critical step in minimizing the impact of the malware attack. While this is an important first step, the FBI’s work is not done. The FBI, along with our domestic and international partners, will continue our efforts to identify and expose those responsible for this wave of malware.”

Rebooting your router removes the second and third stages (the “destructive component”) of the VPNFilter malware from the device. However, the first stage of the malware will remain on the router, and the best way to remove it is to restore your router to its factory settings.

Affected devices include (note: these are confirmed cases; many other devices are likely to be affected):

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

Other safeguards recommended by the FBI, Symantec, Netgear, and Linksys include regularly changing your administrator password, updating the router software/firmware regularly, and disabling remote management of your router.


Sources: Justice Department, Reuters