FBI: Reboot, reset your router immediately to prevent cyberattacks


Following reports that a type of malware has infected more than 700,000 routers used in homes and small businesses in more than 50 countries, the FBI is urging all consumers to reboot their routers. The VPNFilter malware was discovered by Cisco’s security researchers and affects routers made by Asus, D-Link, Huawei, Linksys, Mikrotik, Netgear, QNAP, TP-Link, Ubiquiti, Upvel, and ZTE. The U.S. Department of Justice said the authors of VPNFilter were part of the Sofacy group that answered directly to the Russian government, Reuters reported, and that Ukraine was the likely target of the attack.

“The VPNFilter malware is a multistage, modular platform with versatile capabilities to support both intelligence collection and destructive cyberattack operations,” Cisco said in a report. Because the malware could collect data from the user and even perform a large-scale destructive attack, Cisco recommends that owners of SOHO or network attached storage (NAS) devices be especially cautious with this type of attack. And since it’s unclear how compromised devices were infected in the first place, officials are urging users of all routers and NAS devices to reboot.

This is doubly important now, as further analysis shows that the list of vulnerable hardware is much longer than originally thought. Where 14 device models were said to be vulnerable following the initial announcement, that list has grown to cover tens of devices from a number of manufacturers. This makes as many as 700,000 routers vulnerable around the world and an even greater number of connected users.

Even more problematic is that those affected are vulnerable to a newly discovered element of the malware that allows it to perform a man-in-the-middle attack on incoming traffic that passes through the router. That makes everyone on infected networks susceptible to attack and data theft. The malware module, called “ssler,” also actively scans web URLs for sensitive information like login credentials, which can then be sent back to a control server, as per Ars Technica. It does this by actively downgrading protected HTTPS connections into far more readable HTTP traffic.
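An added example, not taken from Cisco's report or this article: a baseline comparison that flags the visible signs of an HTTPS-to-HTTP downgrade of the kind described above. The host `bank.example`, the baseline table and both sample responses are constructed, and the checks are generic downgrade indicators rather than a model of ssler's internals.

```python
import re
from urllib.parse import urlsplit

# Constructed baseline: properties each site shows on a connection known to be clean.
BASELINE = {"bank.example": {"hsts": True, "secure_cookies": True}}

# A form whose action targets a plain-HTTP URL.
HTTP_FORM = re.compile(r"<form[^>]*\baction=[\"']http://", re.I)


def downgrade_signs(requested_url, final_url, headers, body):
    """Return the reasons a response looks like a downgraded HTTPS session."""
    host = urlsplit(requested_url).hostname
    expected = BASELINE.get(host)
    if expected is None:
        return []  # no baseline for this host, nothing to compare against
    hdrs = {k.lower(): v for k, v in headers.items()}
    signs = []
    if urlsplit(final_url).scheme != "https":
        signs.append("page delivered over plain HTTP")
    if expected["hsts"] and "strict-transport-security" not in hdrs:
        signs.append("HSTS header missing")
    cookie = hdrs.get("set-cookie", "")
    attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
    if expected["secure_cookies"] and cookie and "secure" not in attrs:
        signs.append("cookie set without Secure")
    if HTTP_FORM.search(body):
        signs.append("form posts over plain HTTP")
    return signs


# Constructed observations of the same login page, as a client on the LAN sees it:
# (URL typed by the user, URL after redirects, response headers, response body).
CLEAN = ("http://bank.example/login", "https://bank.example/login",
         {"Strict-Transport-Security": "max-age=31536000",
          "Set-Cookie": "sid=abc123; Secure; HttpOnly"},
         '<form action="https://bank.example/session" method="post">')
DOWNGRADED = ("http://bank.example/login", "http://bank.example/login",
              {"Set-Cookie": "sid=abc123; HttpOnly"},
              '<form action="http://bank.example/session" method="post">')

if __name__ == "__main__":
    for name, obs in (("clean", CLEAN), ("downgraded", DOWNGRADED)):
        print(name, downgrade_signs(*obs))
```

Running the same comparison from a second network path, such as a mobile connection, helps separate a change made by the site from one introduced on the local router.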

What’s most striking about this latest discovery is that it highlights how router owners and connected devices are targets too, not just the potential victims of the botnet that was actively created through the proliferation of this malware.

Regardless, recommendations for securing your own network remain the same.

“The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices,” FBI officials warned. “Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.”

There are three stages to VPNFilter — a persistent stage 1 and non-persistent stages 2 and 3. Because of how the malware works, rebooting will clear out stages 2 and 3 and mitigate most problems. The FBI had seized a domain used by the malware’s creator to deliver stages 2 and 3 of the attack. These later stages cannot survive a reboot.

The Justice Department also issued a similar warning, urging users to reboot their routers. “Owners of SOHO and NAS devices that may be infected should reboot their devices as soon as possible, temporarily eliminating the second-stage malware and causing the first-stage malware on their device to call out for instructions,” the department said in a statement. “Although devices will remain vulnerable to reinfection with the second-stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure.”

Cisco advised all users to perform a factory reset of their devices, which would clear out even stage 1 of the malware. If you’re unclear on how to perform a factory reset, you should contact the router manufacturer for instructions, but in general, inserting a paper clip into the “reset” button located on the back or bottom of your router and holding it in place for a few seconds will wipe your router. Additional recommendations to mitigate future attacks are also found in Cisco’s report.

Updated on June 6: Added news of newly affected routers and attack vectors.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…