{"id":6501,"date":"2018-05-29T13:32:49","date_gmt":"2018-05-29T17:32:49","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=6501"},"modified":"2020-12-10T10:50:18","modified_gmt":"2020-12-10T15:50:18","slug":"fbi-attention-world-please-reset-your-routers","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/fbi-attention-world-please-reset-your-routers\/","title":{"rendered":"FBI: Attention World, Please Reset your Routers"},"content":{"rendered":"<h2>500,000 devices with VPNFilter could be destroyed with a single command<\/h2>\n<p>The FBI is asking everyone in the world to reset their routers in an attempt to neuter the Russian malware known as VPNFilter.<\/p>\n<p>VPNFilter was created by the Russian state-sponsored hacker group Fancy Bear (a.k.a. Sofacy, APT28). Last week the FBI obtained a warrant to shut down the control servers that were behind VPNFilter.<\/p>\n<p>According to <a href=\"https:\/\/blogs.cisco.com\/security\/talos\/vpnfilter\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Cisco\u2019s Talos Intelligence researchers<\/a>, there are over 500,000 devices that have been infected. Among the affected manufacturers are Linksys, MikroTik, Netgear and TP-Link. The <a href=\"https:\/\/www.thesslstore.com\/blog\/click2gov-servers-infected-with-malware-that-steals-pci\/\">malware collects traffic sent through the infected<\/a> routers and scrapes it for data like login credentials.<\/p>\n<p>What\u2019s more disconcerting is that the malware has the power to wipe out portions of the routers\u2019 firmware, which renders them useless. Attackers have the option to destroy a single device or wipe out all infected devices at once.<span id=\"newline\"><\/span><\/p>\n<p>The Cisco report came in response to an uptick in infections in the Ukraine. Officials there were quick to blame the malware on Russia, whom they accuse of planning the attacks to coincide with next Saturday\u2019s Champions Cup (soccer). 
The Ukraine also blames Russia for the NotPetya attacks that occurred last year.<\/p>\n<h2>What routers are affected by VPNFilter?<\/h2>\n<p>Though the infections have been limited to devices made by Linksys, MikroTik, Netgear and TP-Link, the FBI is quick to caution that other devices could be at risk as well. Here is a full list of the models affected by VPNFilter:<\/p>\n<ul>\n<li>Linksys E1200<\/li>\n<li>Linksys E2500<\/li>\n<li>Linksys WRVS4400N<\/li>\n<li>MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072<\/li>\n<li>Netgear DGN2200<\/li>\n<li>Netgear R6400<\/li>\n<li>Netgear R7000<\/li>\n<li>Netgear R8000<\/li>\n<li>Netgear WNR1000<\/li>\n<li>Netgear WNR2000<\/li>\n<li>QNAP TS251<\/li>\n<li>QNAP TS439 Pro<\/li>\n<li>Other QNAP NAS devices running QTS software<\/li>\n<li>TP-Link R600VPN<\/li>\n<\/ul>\n<h2>What can I do to protect myself from VPNFilter?<\/h2>\n<p>Unplug your router.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-6502\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/05\/dims.jpg\" alt=\"FBI: Attention World, Please Reset your Routers\" width=\"600\" height=\"450\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/05\/dims.jpg 600w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/05\/dims-300x225.jpg 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>Yes, that\u2019s right: the age-old trick that can fix almost any internet connection issue also works for stopping VPNFilter. Kind of. 
First, here\u2019s what the FBI had to say in a recent public service announcement:<\/p>\n<blockquote><p>&#8220;The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices\u2026 Owners are advised to consider disabling remote-management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.&#8221;<\/p><\/blockquote>\n<p>Unfortunately, there are three stages of the VPNFilter malware. The more dangerous stages, two and three, can be removed with a reboot. Stage one is like herpes: it remains with your router forever, and the router can be re-infected. The good news is that the FBI now controls the address that all VPNFilter traffic was being routed to. The bad news is that stage one is potentially stuck on your router.<\/p>\n<h2>Closing Thoughts<\/h2>\n<p>While it sounds silly on its surface, I would still heed the FBI\u2019s advice. Resetting your router is typically as simple as pulling the power cord out of the wall, waiting about 30 seconds and then plugging it in again. This isn\u2019t rocket science. Just follow the advice and avoid any trouble in the future.<\/p>\n<p>As for how the infection started\u2014nobody is sure. 
But Symantec, <a href=\"https:\/\/www.symantec.com\/blogs\/threat-intelligence\/vpnfilter-iot-malware\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">in its own report<\/a>, mentioned that many of the targeted devices already had known vulnerabilities.<\/p>\n<p>So if you\u2019re using a newer device, still take the 30 seconds or so to reset, but you may already be in the clear.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>500,000 devices with VPNFilter could be destroyed with a single command The FBI is asking everyone in the world to reset their routers in an attempt to neuter the Russian&#8230;<\/p>\n","protected":false},"author":6,"featured_media":6503,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[7387,4163,7417],"class_list":["post-6501","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","tag-fbi","tag-malware","tag-routers","post-with-tags"],"views":11979,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/05\/bigstock-Man-Plugs-Internet-Cable-Into-187229965.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/6501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=6501"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore
.com\/blog\/wp-json\/wp\/v2\/posts\/6501\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/6503"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=6501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=6501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=6501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}