A group of Russian hackers recently unleashed malware that has already infected hundreds of thousands of internet routers worldwide. The FBI has encouraged all US residents to reset their internet routers. Here’s how.
Yet another major cyber threat is looming ominously over the internet.
This time, a malware attack, originating from Russia, is targeting internet routers and network-attached storage devices.
If this malware has infected your internet router, it could collect data, block your internet traffic, and render the devices inoperable.
The VPNFilter Malware
On May 25, the U.S. FBI released a public service announcement recommending that all owners of small home and office routers reboot their devices “to temporarily disrupt the malware and aid the potential identification of infected devices.”
The malware, called VPNFilter, can intercept information that travels over the network the internet router is connected to, block the network, and even take control of some devices.
The group linked to the malware, Sofacy, is believed to be answering to the Russian government and is also suspected to be behind the Democratic National Committee email leak, which occurred during the 2016 presidential election.
Talos, a Cisco cyber intelligence unit, aided by many cybersecurity companies and experts from around the world, was investigating the VPNFilter malware long before the FBI issued its warning.
According to Cisco Talos, the malware has already infected over half a million home and workplace internet routers and storage devices in 54 countries.
At this point, the list of infected internet routers includes dozens of models made by Huawei, ASUS, D-Link, TP-Link, ZTE, Ubiquiti, UPVEL, Netgear, Linksys, and MikroTik, and the malware botnet is growing.
No matter which model you own, you have to reboot it now if you haven’t already. However, this might not be enough.
What Should You Do Now to Minimize the Risk?
Shortly after the discovery of VPNFilter, the U.S. DoJ seized the domain used to monitor the botnet of 500k+ hacked routers.
This should mean that a simple reboot of the routers is enough to counter the threat, which is true if there’s only one domain from which hackers send commands to infected routers.
However, the malware is unfortunately still there, waiting for new instructions.
Since the first warnings about the malware, it seems that things have gotten worse, and router users need to do more than just reboot.
This isn’t your “average” hacker looking for a few extra bucks. The sophisticated malware attack is orchestrated by a cyber-espionage group backed by a government.
The malware is “targeting more makers and models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints,” said Talos in an update.
You can’t really tell if your router is infected without expert technical knowledge that most average users lack.
Also, a simple reboot probably won’t fix everything.
However, it won’t hurt if you reset your router properly, and here’s how:
- Don’t just turn the device off and then on, as this won’t remove the malware completely.
- Unplug the router from the power socket for at least 30 seconds before plugging it back in.
- Make sure you have the latest version of the firmware. Check the router maker’s website to look for firmware updates and follow the instructions.
- Delete default login credentials if you are still using them, as these can easily be found. Set a new username and password.
- Even if you’ve been using a password, choose a new strong one.
Information is still unclear as to what exactly this malware will be used for, but it is best to reset your router now before new additions or improvements to the malware are made.