A while back the FBI sent out a notice that hackers from a “Foreign” country had used a piece of malware called “VPNFilter” to infect and take control of routers used for consumer and small business purposes. The FBI has been watching these hackers since then, and this Friday it issued a new statement. This was preceded by the one the Justice Department released on Wednesday.
It appears the FBI has seized control of a domain that was used to spread the virus, and now they are using that seizure to track down the suspects. Because of this, the FBI is asking everyone using a consumer or small business grade router to perform a reboot right away. Turning the router off, waiting 15 seconds and turning it back on will remove any harmful malware that may be in your system. The FBI warns that this does not remove the malware completely, but it will remove the harmful part.
I bet right now you are saying, “Why don’t I just do a factory reset? That surely will remove the malware, right?” Let me tell you why that’s not a good idea. To answer the question: yes, it will remove the malware altogether, but do you want all the extra work that goes with it?
When you do a factory reset, what you are doing is putting the router back to how it was when you got it out of the box. The SSID (wifi name) and password are put back to their defaults, and the admin information is reset as well. If you don’t have all that written down you will be lost. In addition, what you are doing is disconnecting all the devices that were connected to the wifi. You will have to go back around and reconnect them all again or they won’t work. On the other hand, if you just turn it off, and then back on again, you don’t remove any of that information.
The other reason you don’t want to do a factory reset is that it might be a waste of time. The FBI isn’t saying that EVERYONE is infected, but they can’t say who is and who isn’t. Chances are you are not infected, but we don’t want to take that chance now, do we?
What happens when you do the reboot is that it removes the bad part of the malware, leaving the installation file behind. If you are infected, there is a chance that when you turn the router back on, it will try to reinstall the malware. This is helpful in many ways. 1. By reverse engineering the malware, people can create a cure that can be sent remotely to your router and fix it in the background without you ever knowing it’s happening. 2. Since the FBI has control of the domain it uses, they can trace the malware back to its creator when it tries to reconnect with the install file. Not to worry, though: it won’t get to install anything, since the hackers no longer have control of the domain it uses to do the installation.
The FBI suggests that everyone reboot their router ASAP as a precautionary measure, and it sounds like a good idea to me too. After all, it’s good to reboot the router every once in a while anyway. If any updates were sent to your router, you will need to reboot it for them to take effect. While you are at it, now might be a good time to make sure your firmware is up to date.