Jeremy Herold

Time to Reboot Your Router

The FBI has issued a recommendation for everyone to reboot due to malware

 

Please be advised that if you’re using a CradlePoint router from RHYNO, you are already protected and don’t need to worry. We’ve already taken care of everything; your security and privacy were not compromised.

Hackers have switched their focus and have routed out a new way of getting to your data: routers.

The Internet Crime Complaint Center of the FBI sent out the Public Service Announcement detailed below, declaring:

FOREIGN CYBER ACTORS TARGET HOME AND OFFICE ROUTERS AND NETWORKED DEVICES WORLDWIDE

SUMMARY

The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices. Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide. The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.

TECHNICAL DETAILS

The size and scope of the infrastructure impacted by VPNFilter malware is significant. The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown.

THREAT

VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption and misattributable networks.

DEFENSE

The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.

 

If you don’t reboot, this malware has the ability to really mess things up. It can spy on your internet traffic, or even make your router completely unusable.

VPNFilter comes in three stages. First, it infects your router and gets established. Then it finds and downloads stage two, the software engine that starts messing with and obtaining your data. The data it can compromise includes browser history, usernames, and passwords. Stage three can then get to work: it comes in various forms that can modify the capabilities of the main software hacking engine from stage two.

While rebooting your router will disrupt the malware temporarily, the device will still be infected.

The only way to remove the malware completely is to reset the router to factory settings. For the average user, this is easily done and doesn’t disrupt anything. If you have made changes to the settings of your router, those changes will be lost upon reset, so write down your current settings before resetting the router if you want things to be just as they were prior to the malware.

To be clear, rebooting is just restarting the router, while resetting is actually going back to the settings the router came with when it was fresh out of its box.

How you reset your router varies depending on your specific router.

Generally, routers have a button on the back labeled “Reset” or “Factory Reset.” If you hold that down for about 10 seconds, the factory reset of the router will begin. In order to hold down the button, you may need to fold open a paperclip and push the button down with the end of it.

Before you start any of that process, make sure you have your router instructions on hand, just in case you’ve forgotten how to set up your router once it resets.

Remember to change the password and update the firmware of your router once the reset is complete.

As always, if we can be of help with your network or computer, give us a call here at Rhyno Networks: (855) 749-6648.
