VPNFilter May Already Infect Your Router
Reboot Your Router – Now!
In recent days the Department of Justice (DOJ) and the FBI have both released statements regarding a worldwide malware infection affecting hundreds of thousands of residential and small business routers.
VPNFilter is using your router to create a botnet capable of targeting government, military, security organizations, and other targets of perceived intelligence value.
This infestation targets SOHO routers and Network Attached Storage (NAS) devices. It is disseminated and controlled by a group of actors known as the “Sofacy Group” (also known as “apt28,” “sandworm,” “x-agent,” “pawn storm,” “fancy bear” and “sednit”).
Read the full DOJ article here.
Read the full FBI article here.
Read the Ars Technica article here.
What can you do about this?
- First thing to do is reboot your router immediately. This will eliminate the stage 2 and 3 infections as they have zero persistence. The stage 1 infection will remain and will seek instructions to reinfect your router. This gives our government an opportunity to track down the source.
- To accomplish this, PULL THE PLUG. Disconnect it from power for 60 seconds. Then plug it back in. You may have to press a POWER button on the router (depending on the model) to bring it back up again.
- Second thing to do is download and install the latest firmware from your router manufacturer. This is done from the Administration console in your router, which you access over your network from a computer. Instructions vary depending on the make and model of your router. Consult your documentation or your router manufacturer’s website.
- For Netgear routers, type the following into your browser address bar: http://routerlogin.net
There will be a button near the top with a notification to get the latest firmware. Click the button and just wait. Current response time is abysmal, possibly due to the current situation.
- Do the same thing for ANY NAS devices on your network. Anything with a storage drive in it should be rebooted NOW.