FBI: Reboot, reset your router immediately to prevent cyberattacks

Following reports that a type of malware has infected more than 700,000 routers used in homes and small businesses in more than 50 countries, the FBI is urging all consumers to reboot their routers. The VPNFilter malware was discovered by Cisco’s security researchers and affects routers made by Asus, D-Link, Huawei, Linksys, Mikrotik, Netgear, QNAP, TP-Link, Ubiquiti, Upvel, and ZTE. The U.S. Department of Justice said the authors of VPNFilter were part of the Sofacy group that answered directly to the Russian government, Reuters reported, and that Ukraine was the likely target of the attack.

“The VPNFilter malware is a multistage, modular platform with versatile capabilities to support both intelligence collection and destructive cyberattack operations,” Cisco said in a report. Because the malware could collect data from the user and even perform a large-scale destructive attack, Cisco recommends that owners of SOHO or network attached storage (NAS) devices be especially cautious with this type of attack. And since it’s unclear how compromised devices were infected in the first place, officials are urging users of all routers and NAS devices to reboot.

This is doubly important now, as further analysis shows that the list of vulnerable hardware is much longer than originally thought. Where 14 device models were said to be vulnerable following the initial announcement, that list has grown to cover tens of devices from a number of manufacturers. This makes as many as 700,000 routers vulnerable around the world and an even greater number of connected users.

Even more problematic, those affected are vulnerable to a newly discovered element of the malware that allows it to perform a man-in-the-middle attack on incoming traffic that passes through the router. That makes everyone on infected networks susceptible to attack and data theft. The malware module, called “ssler,” also actively scans web URLs for sensitive information like login credentials, which can then be sent back to a control server, according to Ars Technica. It does this by actively downgrading protected HTTPS connections into far more readable HTTP traffic.
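A defender-side check for the downgrade behavior described above, as an added example that is not from Cisco's report or this article: it scans web request logs for cleartext HTTP requests to hosts already reached over HTTPS, or carrying credential-like URL parameters. The log format, host names, and parameter list are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample records (not from a real capture): "timestamp client URL",
# as an endpoint agent or web proxy might log outbound requests.
SAMPLE_LOG = """\
2018-06-06T10:00:01 10.0.0.5 https://bank.example/login
2018-06-06T10:00:09 10.0.0.5 https://mail.example/inbox
2018-06-06T10:03:12 10.0.0.5 http://bank.example/login?user=alice&password=hunter2
2018-06-06T10:04:40 10.0.0.7 http://news.example/story?id=42
2018-06-06T10:05:02 10.0.0.5 http://mail.example/inbox
"""

# Assumed list of query parameter names that suggest credentials in a URL.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "session", "user", "username"}


def find_downgrades(log_text):
    """Return findings for cleartext requests that look like an HTTPS downgrade."""
    seen_https = set()  # hosts already reached over HTTPS earlier in the log
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, url = parts
        u = urlsplit(url)
        host = (u.hostname or "").lower()
        if u.scheme == "https":
            seen_https.add(host)
            continue
        if u.scheme != "http":
            continue
        reasons = []
        if host in seen_https:
            reasons.append("host previously seen over HTTPS")
        leaked = sorted({k.lower() for k, _ in parse_qsl(u.query)} & SENSITIVE_PARAMS)
        if leaked:
            reasons.append("credential-like parameters in cleartext: " + ",".join(leaked))
        if reasons:
            findings.append({"time": ts, "client": client, "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_downgrades(SAMPLE_LOG):
        print(f["time"], f["client"], f["host"], "; ".join(f["reasons"]))
```

A hit is a prompt to investigate, not proof of infection: some sites still serve HTTP legitimately, so compare flagged hosts against how they behave from a network known to be clean.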

What’s most striking about this latest discovery is that it highlights how router owners and connected devices are targets too, not just the potential victims of the botnet that was actively created through the proliferation of this malware.

Regardless, recommendations for securing your own network remain the same.

“The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices,” FBI officials warned. “Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.”

There are three stages to VPNFilter — a persistent stage 1 and non-persistent stages 2 and 3. Because of how the malware works, rebooting will clear out stages 2 and 3 and mitigate most problems. The FBI had seized a domain used by the malware’s creator to deliver stages 2 and 3 of the attack. These later stages cannot survive a reboot.

The Justice Department also issued a similar warning, urging users to reboot their routers. “Owners of SOHO and NAS devices that may be infected should reboot their devices as soon as possible, temporarily eliminating the second-stage malware and causing the first-stage malware on their device to call out for instructions,” the department said in a statement. “Although devices will remain vulnerable to reinfection with the second-stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure.”

Cisco advised all users to perform a factory reset of their devices, which would clear out even stage 1 of the malware. If you’re unclear on how to perform a factory reset, you should contact the router manufacturer for instructions, but in general, inserting a paper clip into the “reset” button located on the back or bottom of your router and holding it in place for a few seconds will wipe your router. Additional recommendations to mitigate future attacks are also found in Cisco’s report.

Updated on June 6: Added news of newly affected routers and attack vectors.

Chuong Nguyen