FBI: “Please Reboot Your Router”

Plenty of news outlets have reported on the existence of a rather nasty-sounding piece of malware – thought to originate in Russia – that may have already infected hundreds of thousands of Internet routers up and down the country. The FBI, however, may have a surprisingly easy fix for the problem: switch your router off, then turn it on again.

The official FBI public service announcement explains what this piece of malicious software is capable of. “VPNFilter is able to render small office and home office routers inoperable,” it notes, adding that “the malware can potentially also collect information passing through the router.”

It’s not easy to discover, either. Apparently, identifying and assessing the network activity of the malware in question “is complicated by its use of encryption and misattributable networks.”

Clearly, it’s a sophisticated piece of tech; the FBI attributes the malware to “foreign cyber actors” and The New York Times reports that it’s of Russian origin, with the Justice Department linking it to the Sofacy Group. Also known as Fancy Bear, this is the same Russian military intelligence outfit that hacked the DNC servers prior to the 2016 presidential election.

The FBI explains that “the size and scope of the infrastructure impacted by VPNFilter malware is significant. The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer.”

This sounds both grim and complicated, which makes it all the more impressive that the temporary solution to the problem may be deceptively simple. “The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices,” it says, almost nonchalantly.

Ars Technica reports that the later “stages” of the malware, which steal data and so on, are temporarily disabled by a reboot. Upon rebooting, stage one calls out to the now-seized website for instructions, which allows the FBI to identify the infected device.

The FBI also advises owners to consider disabling any remote management settings on their devices, to make sure their passwords are strong, and to activate any encryption software if available. If you can, make sure the devices are running the most up-to-date version of the firmware.

According to the Guardian, the warning followed on from a recent court order that permitted the FBI to take control of a website, one the hackers planned to use to command the malware within the routers. Although this ability has since been disabled, the routers still remain infected if no further action has been taken on the part of the owners.

The problem is far from limited to the US, by the way: infections have apparently been detected in at least 54 countries, with Ukraine thought to be the prime target for the hackers.