Have You Tried Turning Your Router Off and On Again? The FBI Says You Should.

On Friday, the FBI issued a public service announcement (PSA) recommending that home and small-office users reboot their routers, QNAP and NAS devices, stating that Russia has compromised hundreds of thousands of home and office network devices worldwide with malware called VPNFilter.

Rebooting your router is a straightforward process that only takes a minute. Simply unplug the router from its power source, wait 10 seconds and plug it back in.

Should you listen to the FBI? Here’s what you need to know.

Meet VPNFilter Malware

VPNFilter is a newly discovered malware variant which, according to the FBI, is "able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router."

Cisco's Talos Intelligence Group just released a report that stated over half a million routers are infected with VPNFilter. The FBI believes Russian hackers, who call themselves The Sofacy Group, are responsible for the infections and have been using the malware to control infected devices.

Is Your Router Infected?

Should you be concerned that your router is infected? The reality is only a small number of older router models are known to be affected by this malware. According to the same Cisco report, these models include:

Linksys Devices:

E1200
E2500
WRVS4400N

MikroTik RouterOS Versions for Cloud Core Routers:

1016
1036
1072 

Netgear Devices:

DGN2200
R6400
R7000
R8000
WNR1000
WNR2000

QNAP Devices:

TS251
TS439 Pro
Other QNAP NAS devices running QTS software

TP-Link Devices:

R600VPN

NOTE: Switchfast does not install any of these devices in our MaxPro or managed clients' businesses.

Chances are that your router model isn’t on this list, but the Cisco report makes it clear that they aren’t sure these are the only devices that are infected. The report states: “Given our observations with this threat, we assess with high confidence that this list is incomplete and other devices could be affected.” If your router is on this list, you’ll need to reset it.

What to Do

A reboot is all the FBI is asking for, but Cisco claims part of the malware may persist. If you want to be 100% sure your router is not infected, you will need to factory reset it and reboot (power cycle) your router, which is a more disruptive process.

Brian Krebs offers a good walkthrough in his post. Make sure you have the user guide for the router downloaded before starting. Typically, you'll need to hold down the reset button found on the outside of the router, and once that's been done, you’ll need to go through the process of reconfiguring your router, including setting up your Wi-Fi network and passwords again. 

Additionally, Linksys advises that you apply the latest firmware (something that happens automatically in Linksys' newer routers) and then perform a factory reset, along with changing the default password.

Bottom line: if you don’t own one of the models but want to be sure Russian hackers don’t have control over your router, follow the FBI’s instructions and factory reset your router. 

Written by Nik Vargas

Images courtesy of Linksys, Netgear, QNAP, TP-Link and MikroTik RouterOS.