The FBI announced Friday that Russian hackers have created a malware system which has infected hundreds of thousands of routers.
While the malware is quite sophisticated, pretty much anyone should be capable of taking the initial steps required to combat it. Turn your router off. Then turn it back on again. There's more to it, to be sure, but it has been recommended that all home routers or small office routers get a restart. That should clear the immediate threat.
Users are also urged to download updates for their routers.
Cisco's Talos security team revealed the malware on Wednesday. It announced more than 500,000 devices in at least 54 countries have been infected with the malware called VPNFilter. Brands known to have been hit include Linksys, MikroTik, Netgear, TP-Link, and QNAP.
"Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide," the FBI's public service announcement reads. "The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic." It can also "destroy the devices with a single command," explains Ars Technica.
Routers were left infected even though the FBI seized a website used to direct hacked routers, which "cut off malicious communications," according to Reuters.
The following devices are vulnerable to the malware, according to a post from Symantec:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
Symantec notes that rebooting your device will remove any "stage 2" or "stage 3" elements downloaded by VPNFilter. Rebooting will "(temporarily at least) remove the destructive component of VPNFilter." However, those removed elements could be reinstalled by hackers. Reboot the router and "you should then apply the latest available patches to affected devices and ensure that none use default credentials," writes Symantec.
The FBI issued instructions similar to Symantec's: "Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware."