Photo Corners

A Scrapbook of Solutions for the Photographer

Enhancing the enjoyment of taking pictures with news that matters, features that entertain and images that delight. Published frequently.

FBI: Reboot Your Router

26 May 2018

The FBI, Justice Department and U.S. Department of Homeland Security have all issued advisories to reboot your router "as soon as possible" to counter Russian-engineered VPNFilter malware that has infected hundreds of thousands of these devices.

The Department of Homeland Security described the problem:

Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide. The actors used VPNFilter malware to target small office/home office routers. VPNFilter malware uses modular functionality to collect intelligence, exploit local area network devices and block actor-configurable network traffic. Specific characteristics of VPNFilter have only been observed in the BlackEnergy malware, specifically BlackEnergy versions 2 and 3.

And the FBI elaborated on the threat:

VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router. Detection and analysis of the malware's network activity is complicated by its use of encryption and misattributable networks.

The solution is simple: reboot your router. The FBI added, "Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware."

To safely reboot your router and modem (which may be combined in one device for many Internet service providers), follow these steps:

  1. Unplug your router and your modem or use their power buttons to turn them off.
  2. Wait at least 30 seconds.
  3. Power the modem back on to sync with the Internet.
  4. Wait a minute until the lights on the modem indicate sync has been re-established.
  5. Power the router back on.

By cycling the power of your router, you will temporarily disrupt the malware. Stages 2 and 3 of the malware can't survive a reboot. While Stage 1 will survive a reboot, it will harmlessly try to contact the recently seized server, helping to document the extent of the infiltration.
