
FBI: Reboot, reset your router immediately to prevent cyberattacks


Following reports that a type of malware has infected more than 700,000 routers used in homes and small businesses in more than 50 countries, the FBI is urging all consumers to reboot their routers. The VPNFilter malware was discovered by Cisco’s security researchers and affects routers made by Asus, D-Link, Huawei, Linksys, Mikrotik, Netgear, QNAP, TP-Link, Ubiquiti, Upvel, and ZTE. The U.S. Department of Justice said the authors of VPNFilter were part of the Sofacy group that answered directly to the Russian government, Reuters reported, and that Ukraine was the likely target of the attack.

“The VPNFilter malware is a multistage, modular platform with versatile capabilities to support both intelligence collection and destructive cyberattack operations,” Cisco said in a report. Because the malware could collect data from the user and even perform a large-scale destructive attack, Cisco recommends that owners of SOHO or network attached storage (NAS) devices be especially cautious with this type of attack. And since it’s unclear how compromised devices were infected in the first place, officials are urging users of all routers and NAS devices to reboot.

This is doubly important now, as further analysis shows that the list of vulnerable hardware is much longer than originally thought. Where 14 device models were said to be vulnerable following the initial announcement, that list has grown to cover tens of devices from a number of manufacturers. This makes as many as 700,000 routers vulnerable around the world and an even greater number of connected users.

Even more problematic is that those affected are vulnerable to a newly discovered element of the malware that allows it to perform a man-in-the-middle attack on incoming traffic that passes through the router. That makes everyone on infected networks susceptible to attack and data theft. The malware module, called “ssler,” also actively scans web URLs for sensitive information like login credentials, which can then be sent back to a control server, as per Ars Technica. It does this by actively downgrading protected HTTPS connections into far more readable HTTP traffic.

What’s most striking about this latest discovery is that it highlights how router owners and connected devices are targets too, not just the potential victims of the botnet that was actively created through the proliferation of this malware.

Regardless, recommendations for securing your own network remain the same.

“The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices,” FBI officials warned. “Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.”

There are three stages to VPNFilter — a persistent stage 1 and non-persistent stages 2 and 3. Because of how the malware works, rebooting will clear out stages 2 and 3 and mitigate most problems. The FBI had seized a domain used by the malware’s creator to deliver stages 2 and 3 of the attack. These later stages cannot survive a reboot.

The Justice Department also issued a similar warning, urging users to reboot their routers. “Owners of SOHO and NAS devices that may be infected should reboot their devices as soon as possible, temporarily eliminating the second-stage malware and causing the first-stage malware on their device to call out for instructions,” the department said in a statement. “Although devices will remain vulnerable to reinfection with the second-stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure.”

Cisco advised all users to perform a factory reset of their devices, which would clear out even stage 1 of the malware. If you’re unclear on how to perform a factory reset, you should contact the router manufacturer for instructions, but in general, inserting a paper clip into the “reset” button located on the back or bottom of your router and holding it in place for a few seconds will wipe your router. Additional recommendations to mitigate future attacks are also found in Cisco’s report.

Updated on June 6: Added news of newly affected routers and attack vectors.

Chuong Nguyen