Do you need to reset your router? FBI warns consumers after identifying Russia-linked malware attack

The FBI is urgently warning consumers to reboot their routers after the agency identified a Russia-linked malware attack that targeted ‘hundreds of thousands’ of devices. 

The malware, called ‘VPNFilter’, can block web traffic, collect data and leave devices completely inoperable, the FBI announced on Friday. 

‘Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide,’ the PSA posted on the FBI’s Internet Crime Complaint Center website read.  

 

It’s unclear how it’s getting on to people’s devices, but authorities believe it’s linked to a group of actors known as the ‘Sofacy Group,’ which is also referred to as ‘apt28,’ ‘sandworm,’ ‘x-agent,’ ‘pawn storm,’ ‘fancy bear’ and ‘sednit.’ 

‘The group, which has been operating since at least in or about 2007, targets government, military, security organizations, and other targets of perceived intelligence value,’ the DOJ said in a press release. 

Sofacy is the same group believed to be responsible for many of the recent attention-grabbing Russian hacks, such as the hack of the Democratic National Committee during the 2016 US presidential campaign.

Sofacy is accused of infecting devices with malware called ‘VPNFilter’ in more than 50 countries, with the most immediate target for further action believed to have been Ukraine, Reuters reported. 

According to the FBI, VPNFilter attacks ‘routers produced by several manufacturers and network-attached storage devices by at least one manufacturer’.    

A report by Cisco’s Talos Intelligence Group found that at least 500,000 routers in as many as 54 countries have been affected by the malware. 

Given the scale of the malware attack, the FBI recommended that consumers reboot their routers. To do this, unplug your router and wait a full 60 seconds before turning it back on.

This malware gives these hackers the capability to carry out a variety of invasive tasks, ‘including possible information collection, device exploitation, and blocking network traffic’.

The affected devices include routers manufactured by Linksys, MikroTik, Netgear and TP-Link.

‘The malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide,’ Talos said in its report. 

It’s believed by experts that Russia has been carrying out a series of cyber attacks against companies in Ukraine for over a year that have resulted in hundreds of millions of dollars in damages as well as one blackout.

The Ukrainian government has now accused Russia of planning a cyber attack on Ukrainian state bodies and private companies ahead of the Champions League soccer final in Kiev on Saturday.

The Kremlin denied this accusation on Thursday. 

WHICH ROUTERS HAVE BEEN HIT BY THE ‘VPNFILTER’ MALWARE?

VPNFilter seems to have hit mostly older models, but there’s still a small chance that you’ve been affected.  

Here’s how to find out if your router or networked device has been affected:  

Linksys: E1200, E2500, WRVS4400N

MikroTik: 1016, 1036, 1072

Netgear: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000

QNAP: TS251, S439 Pro, other QNAP NAS devices running QTS software

TP-Link: R600VPN

Given the seriousness and scale of the malware attack, the FBI recommended that consumers reboot their routers. 

Doing so will temporarily disrupt any malware that’s active on the device, but it won’t remove it, the FBI said. 

This can be done by unplugging the power cord and waiting a full 60 seconds before turning it on again.  

However, Krebs on Security pointed out that part of the code utilized by VPNFilter will still exist on the device, unless the user performs a factory reset. 

This will restore the router to its original settings and will require the user to reconfigure their network settings after it’s been completed. 

Many experts also recommend that users update to the latest firmware on their router, then perform a factory reset on the device.   

To be extra secure, they should also set up a secure password and disable any remote management settings.       


