The FBI wants you to switch your router off and on again

It's to fight back against Russian malware infecting household networks.

What's happening?

There is growing concern about a Russian cyberattack that is targeting consumer and small business internet routers.

The malware attack, called "VPNFilter," has been happening since 2016, but hackers have stepped up the attack in recent weeks to the point that it has prompted the FBI to issue guidance to all router owners.

What do they want you to do?

Switch your router off and on again, basically.

The hack happens in three stages, the first stage being the malware establishing itself as a presence in your router.

The second stage collects files stored on your router (your personal data) and even has the capability of destroying the router completely, while the third stage can spy on the traffic routed through your device (including your website passwords).

If you switch your router off and on again, it should stop Stage 1 from becoming Stages 2 and 3 at least for the time being and give the FBI more time to figure out which routers are already infected.

And if you find your router is already infected with Stage 1, Symantec advises you carry out a "hard reset" of your device by holding down the small reset switch that should be on your router for 5-10 seconds.

This wipes any configurations or passwords you have stored on the router, so you'll need to re-enter these upon reboot.

Which routers are affected?

The FBI says all internet users should reboot their routers by switching off and on, but the Cisco blog post says more than 500,000 routers have already been infected across 54 countries.

Even though rebooting your router temporarily stops Stages 2 and 3, it doesn't wipe Stage 1 from your device, which is why a hard factory reset is needed as well as installing the latest patches from the maker of your router.

While it's hard to figure out if your router has been infected with Stage 1, the owners of the following devices should carry out a hard factory reset as soon as possible:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN
