
FBI warns users to reboot their wireless routers to disable Russian-linked “VPNFilter” malware

The FBI itself has issued a warning and you might want to follow their advice.

The FBI recently issued a security notice warning that all home and small office routers should be rebooted after Cisco’s Talos group discovered sophisticated Russian-linked “VPNFilter” malware infecting at least 500,000 networking devices.

Per the warning, the malware is described as follows:

“VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router.”


Routers tend to be the most alluring targets for hackers in that they’re directly connected to the Internet and aren’t often protected by typical antivirus or security software. Most people don’t install router firmware updates, either, which can leave vulnerabilities exposed. VPNFilter also encrypts its network traffic, which can make detection even more difficult, the FBI says.

The Cisco Talos group, which studied the malware, said the software originated in the Ukraine, while the Justice Department connected VPNFilter to “Sofacy Group,” an espionage group associated with Russia.

According to the FBI’s security notice, router owners should reboot their devices. Cisco’s Talos group stated: “Due to the potential for destructive action by the threat actor, we recommend out of an abundance of caution that these actions be taken for all SOHO or NAS devices, whether or not they are known to be affected by this threat.”

The following routers and devices are thought to be at risk and therefore should be rebooted:

– Linksys E1200
– Linksys E2500
– Linksys WRVS4400N
– Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
– Netgear DGN2200
– Netgear R6400
– Netgear R7000
– Netgear R8000
– Netgear WNR1000
– Netgear WNR2000
– QNAP TS251
– QNAP TS439 Pro
– Other QNAP NAS devices running QTS software
– TP-Link R600VPN

Most importantly, the FBI and Cisco’s Talos group recommend rebooting the router, even if it’s not on the list. Rebooting your router eradicates what Cisco calls the “Stage 2” and “Stage 3” elements of VPNFilter, the destructive part of the malware. To reboot your router, simply unplug it from the wall, wait 30 seconds, and plug it back in, and you’re done.

Stay tuned for additional details as they become available.

Via PCWorld