The FBI announced on Friday that hackers from a Russian organization called Sofacy Group have developed and implemented a sophisticated malware system known as VPNFilter. This new malware system has reportedly infected over half a million home and office routers, and is spreading worldwide.
What is VPNFilter?
The malware can perform multiple functions, including collecting user information such as passwords, reading users’ internet activity, and even blocking network traffic entirely. VPNFilter is currently a three-stage infection. The final stage includes a function that can completely block a user’s router, instantly cutting off their connection to the internet.
What’s Being Done
FBI analysts are in the process of identifying and remedying the infection. The FBI procured a court order last week to seize a domain that could potentially be used to direct hacked routers. While this move was a vital step in cutting off communication with infected routers, it did nothing to remove the malware from those routers. Because of this, the FBI released a statement detailing defensive actions that router owners should take immediately.
What You Can Do
To help halt the spread of the malware, home and office routers should be rebooted without delay. As noted previously, VPNFilter is a three-stage infection. Rebooting infected routers will destroy the stage of the malware that monitors user activity and steals information. This will not only disrupt the malware but also potentially aid in identifying infected devices. It is imperative that everyone with access to a home or office router take this precaution, as it is still unclear how widespread the VPNFilter infection is.
Extra Cautionary Procedures
In addition to rebooting routers, the FBI recommended that users disable any remote management settings, upgrade device firmware, and update all passwords. For extra caution, users may want to perform a factory reset on routers. A factory reset will also erase any configured settings on the device, which will have to be restored after the reset. For more information about device safety, or for assistance rebooting a device, contact tekRESCUE, located in San Marcos, TX.