If you have not been living in a cave recently you have probably heard the news that you should restart your home or office router. On May 23rd the FBI released a statement asking people to restart their routers to mitigate an emerging threat that they have detected. The threat is a virus known as VPNFilter and by restarting your router you could aid in preventing this cyber threat.
In a press release the DOJ has announced “Owners of SOHO and NAS devices that may be infected should reboot their devices as soon as possible”. This is because of a cyber group known as Sofacy Group. It has built a botnet that is made up of hundreds of thousands of infected routers. The virus VPNFilter loads itself on the router and can then be used to cause DDOS attacks. The FBI has already begun the process of seizing domain names that are linked to the virus and by restarting your router you could potentially stop the device from causing damage.
Restarting could potentially stop the cyber threat but does not completely clear the virus. When your router restarts, it cleans its temporary memory that is on the device and if the domain name that the router is communicating with has gone offline the idea is that the virus will not be able to phone home. As of now CISCO has reported that they believe there are about half a million routers currently infected with this virus.
Steps To Solve The Issue With VPNFilter
1. Restart your router – This will not completely remove the threat, but it will help.
2. Reset the router to defaults. – If the virus is currently installed on your router resetting to defaults will get rid of the threat. Resetting your router to defaults will also lose all your current settings including port forwards, WiFi network and passwords.
3. Check for firmware upgrades – Router manufacturers commonly release firmware that patch security issues on your devices. By updating your device to the most recent firmware you will close security holes that could cause you issues down the road. It is always important to keep all of your software and devices updated.
4. Change your default passwords. – Most routers will ship with a default password. For example, admin as a password. These passwords are very weak and are usually the first thing a malicious software will use if it is planning to infect your router.
What Routers Are Affected?
Below is a list of routers that CISCO Says has the potential to be infected with this virus:
LINKSYS DEVICES:
E1200
E2500
WRVS4400N
MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS:
1016
1036
1072
NETGEAR DEVICES:
DGN2200
R6400
R7000
R8000
WNR1000
WNR2000
QNAP DEVICES:
TS251
TS439 Pro
Other QNAP NAS devices running QTS software
TP-LINK DEVICES:
R600VPN
Most of the devices that are infected are in Ukraine, however there are a total of 52 countries with infected devices. This seems to point that the this has a higher chance of causing damage to businesses in Ukraine as instead of the USA but, it is still recommended to proactive measures as outlined above. With IOT Devices at a all time high it will be interesting to see what other issues could arise in the future.
Any questions or concerns, feel free to contact us.
Hi, My name is Josh Giesing. I am the Operations Manager at Computer PRO Unltd. In my free time, I enjoy reading and have a passion for learning.