Well, it seems like the sky is falling - again. According to the FBI, over a half million home and home office routers in 54 countries have been infected and compromised by a Russian botnet (distributed & self-spreading) infection that injects itself into routers and alters the code that they are running on. This FBI Advisory explains it pretty clearly: https://www.ic3.gov/media/2018/180525.aspx.
Apparently the Russians are trying to hack us, after all. (And the Chinese, Koreans, Ukrainians, etc., etc.)
So, if you have one of the millions of home routers that has been compromised, then any data flowing through your router (also referred to as a firewall) could be gathered by the router and sent back to the hackers who created the malware. Currently, the list of routers that have been reported as being vulnerable to this malware include the brand names Linksys, MikroTik, Netgear, QNAP and TP-Link. Please note that business-class routers and firewalls such as Cisco (not the Linksys home versions), FortiNet, Watchguard, Sophos, Cyberoam, Palo Alto, SonicWall and Ubiquiti (and many others) so far do not seem to be vulnerable to this attack.
We are often asked by business owners if they really need to pay hundreds of dollars for a business-class router/firewall when they can just drive down to Best Buy and get a home router for $50, and, well, this kind of provides a good example why the answer is always "yes" to that question. Wireless home routers are particularly vulnerable to hackers who can sit in a car on the street in front of your house and hack into your home network from a laptop, but that's a topic for another blog post. (Netgear routers seem to be particularly easy to hack - check out this article: http://www.besthackingtricks.com/how-to-hack-netgear-router-wifi-password/ )
Anyway, the "quick fix" to disrupt the malware on your home router is to simply reboot it - unplug it for 30 seconds, then plug it back in. However, that does not completely remove the malware from the router. It will, however, keep it from sending data back to the hackers, since the FBI took down the servers that were being used to collect information from the compromised routers. If you have never changed the default settings on your home router, then you can perform a "hard reset" to completely remove any traces of the infection and put the router back into the exact state it was in when you first pulled it out of the box. But, beware - if you have setup any custom wireless passwords or other specific settings, they will be lost when you perform this reset! After the reset, we urge you to change the default password for the router and make sure that remote management is turned off.
So, that's the simple breakdown on the VPNFilter malware and how to stop it, but if you want more detailed information and instructions on how to update your firmware and perform other tasks, BleepingComputer has posted this very informative article to help you out: https://www.bleepingcomputer.com/news/security/reboot-your-router-to-remove-vpnfilter-why-its-not-enough/.
And, as always - let's be careful out there.
-The PJ Networks Team
