Remember when the world discovered that routers had been infected with sophisticated “VPNFilter” malware that could, among other things, cut off access to the internet or be used for Russian spying?
Today, the FBI is asking everyone — yes, everyone — to reboot their routers immediately. Right now, even. Or maybe after you finish reading this story.
In a public service announcement published Friday and noted by Ars Technica, and a new addition to a US Department of Justice press release, the FBI explains that it’s hoping that your actions will help the US government destroy a botnet before a Russian hacking group, Sofacy, can harden the malware’s defenses.
How would pressing a button on your router help, though? According to the FBI, rebooting your router will destroy the part of the malware that can do nasty things like spy on your activities, while leaving the install package intact. And when that install package phones home to download the nasty part, the FBI will be able to trace that — because the US government says it’s seized a critical domain that the Russian hackers were allegedly using.
The FBI confirmed to CNET that yes, it’s asking every owner of a consumer or small business router to do this. Why not just the infected ones? Because it’s not yet clear how far the infection has spread.
Note that it sounds like you might be taking a bit of a risk by simply rebooting your router, instead of a factory reset that could destroy the malware for good:
“Although devices will remain vulnerable to reinfection with the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure,” the FBI writes.
Either way, you might want to consider updating your router’s firmware.
Current but incomplete list:
MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS:
Other QNAP NAS devices running QTS software