
FBI advises users to restart their routers to get rid of VPNFilter


One of the models of routers infected by VPNFilter

The other day it became known that the FBI is asking Internet users in the United States to restart their routers in order to get rid of the VPNFilter virus. According to experts, the malware in question has infected hundreds of thousands of different network devices. You can get rid of it in a very simple way: just restart your router.

Specialists at Cisco Talos described the malware itself last week. Currently, the number of infected routers has reached half a million and continues to increase. The affected devices are not from one or two manufacturers but from many well-known vendors, including Linksys, Mikrotik, Netgear, QNAP and TP-Link.

VPNFilter allows its creators to retrieve data from the user of an infected router, attack other devices, or even disable a network device with just one command. Doing so renders the infected system completely inoperable.

According to experts from Cisco Talos, the developers of the virus are the Russian hacking team known as Sofacy, Fancy Bear, APT 28 and Pawn Storm. This group's involvement in developing the virus is indicated by indirect signs that the information security experts noticed. In order to get rid of the malware, you need to return the router to the factory settings, or at least restart it. It is known that many malicious programs are destroyed if the infected device is restarted. But this, unfortunately, is typical only for relatively simple devices.

The FBI was able to locate the group's main server, which was seized for further study. Thanks to this, FBI agents were able to figure out exactly how many devices were infected with this virus (the figure was mentioned at the very beginning).

Actually, if a reboot can help, then why not try it, right? The FBI suggests performing this operation not only to users of the router models that are known to be vulnerable, but also to users of models that do not yet appear in the reports of cybersecurity experts. That way you can simply be on the safe side.

In addition, owners of potentially vulnerable devices are advised to remove the ability to remotely configure the router and to disable all remote access altogether in order to avoid further problems. The second step is to update the firmware; this will change a lot, protecting network devices and the networks themselves even better.

After rebooting, devices will still be vulnerable to re-infection. But if you follow the basic rules of networking, that is unlikely to happen.


The restart interface differs from router to router, but the point is the same: reboot the system

In addition to the FBI, the Department of Homeland Security also asked US citizens to restart their routers in order to reduce the number of infected devices. Among the potentially vulnerable routers are the following:

As for the advice to restart the router, it is quite reasonable, and it is worth following not only for those who live in the USA, because VPNFilter is hitting devices all over the world.

Nowadays routers are among the elements of network infrastructure most vulnerable to malware. Most IoT viruses are designed to compromise routers first. After that, the attackers' options vary. Some exfiltrate all the data about users' actions, while others modify traffic in a certain way. Router manufacturers' attention has been drawn to this problem more than once, but, unfortunately, it remains relevant. And although getting rid of the malware takes only a reboot of the router, mass infection of routers still leads to very sad consequences.

Source: https://habr.com/ru/post/360535/

