The FBI is advising everyone to restart their routers to help thwart state-sponsored malware that could wreak havoc on affected systems.
In a public service announcement on Friday, the FBI recommended that anyone (yes, anyone) with a home router reboot their device. “Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide,” the agency said in the announcement.
The FBI is talking about VPNFilter, a new malware threat that was only recently discovered. The malware has already infected about half a million routers and network devices worldwide, Cisco’s Talos Intelligence Group said in a report.
VPNFilter can reportedly steal login data and passwords, as well as monitor infected systems. Worryingly, it also contains a “killswitch” that could render compromised devices basically inoperable if triggered.
The malware is believed to have been developed by Sofacy Group, a Russian hacking group which has made headlines in the past. Sofacy, which also goes by Fancy Bear or APT28, has alleged ties to the Russian government.
Because its code shares similarities with previous Russian cyber attacks, security researchers indicate that VPNFilter is likely to be state-sponsored as well.
Unfortunately, there’s also no easy way to tell if a router has been compromised. Talos Intelligence Group reports that about a dozen models have been impacted by VPNFilter, including routers made by Linksys, MikroTik, Netgear, QNAP and TP-Link.
The affected models are mostly older devices. And Talos notes that most of the impacted routers and network devices have — thus far — been in Ukraine.
Exactly what a reboot can do to stop the malware is a bit unclear. While rebooting a router could help stop several “stages” of VPNFilter, there are parts of the malware code that could survive a standard reboot process.
Brian Krebs, a renowned cybersecurity journalist, notes that only a full reset to factory default settings can actually eradicate VPNFilter. Normally, this is triggered by holding down a physical reset button on the router itself.
If you’re particularly concerned, it’s also recommended that you keep your router’s firmware up-to-date. In addition, make sure to use a strong, unique password — in other words, ditch the default password that came with the router.
How to Reset Your Router
Most routers feature a small hole on the rear of the device. First, find it.
Stick the tip of a pin (or paper clip) inside the hole.
Then, press the pin down and hold for roughly ten seconds until your router resets.