FBI warns owners of routers to reboot their devices

You know cyber-security threats are serious when the FBI gets involved. Following Cisco’s recent report that 500,000 infected routers could be destroyed via malware, the FBI has taken action to warn small businesses and households to immediately reboot their devices.

ZD Net explains that “the malware, dubbed VPNFilter, was developed by the Russian state-sponsored hacking group Sofacy.” The malware was discovered by Cisco’s Talos Intelligence researchers, and looks to have infected routers made by Linksys, MikroTik, Netgear, and TP-Link.

In fact, if you’re an owner of one of these specific devices, the FBI wants you to immediately reboot it:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

Why is this malware such a potential threat? Well, ZD Net explains that its “most worrying capability is that [the] malware allows its controllers to wipe a portion of an infected device’s firmware, rendering it useless. The attackers can selectively destroy a single device or wipe all infected devices at once.”

Unfortunately, the reboot will not completely save your router if you have been infected with this malware. After rebooting, Stage 2 and Stage 3 of the components of VPNFilter – the most dangerous components – will be removed. However, Stage 1 will linger, meaning there is the potential for hackers to reinfect your router in the future. The FBI is currently working on ways of preventing this.

Source: zdnet.com – FBI to all router users: Reboot now to neuter Russia’s VPNFilter malware
Published: May 29, 2018