FBI recommends rebooting your router
The FBI is asking all Americans to reboot their internet routers after warning that Russia has compromised hundreds of thousands of devices worldwide with malware.
The Bureau issued a statement last week which said, “The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.”
The FBI said VPNFilter can render small office and home office routers inoperable and added the malware could potentially collect information passing through the router.
The FBI said rebooting the devices can disrupt the malware and help identify infected routers. Owners were advised to disable remote management of their devices and make sure they use strong passwords and encryption when possible. The Bureau added that owners should upgrade routers to the latest versions of firmware.
Earlier in the week, the Justice Department announced an effort to disrupt a global botnet of hundreds of thousands of infected routers and other devices under the control of a group known as the “Sofacy Group.” Officials said the group has been operating since 2007, targeting governments, military, security organizations and other targets of perceived intelligence value.
The Sofacy group is also known as “apt28,” “x-agent,” “pawn storm,” “fancy bear,” and “sednit.”
“The Department of Justice is committed to disrupting, not just watching, national security cyber threats using every tool at our disposal,” said Assistant Attorney General John C. Demers. “This effort is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attack, and the misattribution of such activities.”
The FBI said it took control of a domain used by cybercriminals in the botnet campaign, called toknowall.com. The Bureau is now looking to identify those responsible for creating and distributing the malware.
“The FBI will not allow malicious cyber actors, regardless of whether they are state-sponsored, to operate freely,” said FBI Special Agent in Charge Bob Johnson. “These hackers are exploiting vulnerabilities and putting every American’s privacy and network security at risk.”
Tech website CNET said the FBI’s instructions are “somewhat vague.” The website said rebooting, or turning your router off and on, can’t hurt. However, CNET cited a report by Cisco which said restarting alone won’t do the trick. Cisco’s report said VPNFilter can survive until the affected device is reset to its factory-default settings.
CNET said that process is simple and usually requires little more than holding down a reset button on the router. But it also means users will have to reconfigure all network settings. CNET recommended checking your model’s instruction manual for help with both steps.