If, like millions of Americans, you have a router in your home or office, it might already be infected by Russian malware named
VPNFilter. VPNFilter can
interfere with your router's functioning, spy on information being sent over the router, and even render it "inoperable," according to an
FBI statement about the threat.
But there's a simple step you can take right now that will likely prevent damage: Reboot your router, which can usually be accomplished by unplugging its power cord for 10 seconds and then plugging it back in. Why will this help? Because the Justice Department recently obtained a
court order allowing it to take possession of a key domain name used by the malware to remotely take control of routers. Rebooting your router will disrupt any malware currently on it, and the DOJ seizure should prevent the Russian malware from re-installing itself, at least for now,
according to The New York Times.
The
Times reports that the malware is being spread by the Sofacy Group, which hacked the Democratic National Committee before the 2016 election and is thought to be controlled by Russian military intelligence. An
analysis by Cisco's threat intelligence group says that VPNFilter has already taken control of at least half a million routers in countries around the world. It says that many popular router brands were infected, including
Linksys,
MikroTik,
Netgear, and
TP-Link.
In addition to a reboot, the FBI also recommends the following:
1. Update your router's firmware.
Make sure your router and any other network devices you are using are updated to the latest firmware.
2. Double down on security.
Change your router password to a strong one, if it isn't already. And enable encryption, if that's available on your device.
3. Disable remote management.
The FBI suggests that you consider disabling your router's remote management features. If you can get along without remote management, this sounds like a very good idea.
