The Federal Bureau of Investigation (FBI) has urged users and owners of routers around the world to restart their network devices as soon as possible. The announcement came after 500,000 routers used in homes and small businesses in more than 50 countries were attacked by malware.
“Foreign culprits have endangered hundreds of thousands of home and office routers and other networking devices around the world,” stated a public service announcement from the Internet Crime Complaint Center.
The hackers use malware called VPNFilter, which can potentially retrieve user information passing through the router and can permanently damage the device. The malware was first discovered by the Cisco Talos security team a few days ago. Allegedly, VPNFilter was developed by a Russian hacker.
According to the US Department of Justice, the creators of the VPNFilter malware are the Sofacy Group, a network that leads directly to the Russian government. As Digital Trends reported on Sunday (5/27/2018), the routers attacked by the malware are made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link.
Users are advised to disable remote device settings, use encryption, perform forced upgrades, and change to new passwords. “VPNFilter malware is a gradual, versatile platform with versatile capabilities to support intelligent gathering of intelligence and cyber attack operations,” Cisco wrote in its report.
According to Cisco's illustration, VPNFilter has three stages: the first stage is persistent, while the second and third stages are non-persistent. Restarting the device clears stages two and three, which reduces the main problem.
The FBI is said to have seized the internet domain that the malware authors used to inject stages two and three. That way, the later stages will not survive after the restart. The Department of Justice also appealed to users of SOHO (small office/home office) routers and NAS (network-attached storage) servers that are likely to be infected with the malware to restart their devices immediately, which temporarily removes the second-stage malware.
Although a device remains vulnerable to reinfection with the second stage of the malware while it is connected to the Internet, restarting maximizes the opportunity to identify and remediate router infections worldwide.
It can prevent hackers from learning their weaknesses. Cisco also recommends that users perform a factory reset (returning the device to its factory state), which will eliminate all of the malware, including the first stage. Users who are hesitant to do so can contact the vendor of their router.