On a government website, the FBI recommends “any owner of small office and home office routers power cycle (reboot) the devices.” It’s in response to a malware threat called VPNFilter that can render routers inoperable and potentially steal information, according to the bureau. There is also the risk of your home or business network infecting other networks.
Turn your router off and back on
If your router is infected, turning it off for about a minute and then back on may clear the malicious software from its memory. The router is a box that’s typically connected to your cable modem or whatever other device your internet service provider installed to bring internet into your home or business. Sometimes the router and the modem are combined in a single box. It probably has Ethernet cables plugged into it and it’s also the device that configures your WiFi. There is also a power cord, so all you need to do is unplug the power, wait about a minute and plug it back in. Your network (and all devices attached to it by wire or WiFi) will be down for a few minutes while the router goes through its start-up process, but everything should be back to normal within a few minutes. Symantec has additional advice and a good explanation of the vulnerability, including situations where it may be necessary to take the further step of resetting your modem to factory defaults (if you do that, make sure you get help or know how to re-configure it so you can restore your internet connection).
Following the rest of the FBI’s advice can be tricky
The FBI is also suggesting that people should “consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.” For some this may be easier said than done. While it’s not that difficult or time-consuming to follow this advice, many people don’t know how to access their router’s control panel and may not even know their username or password.
If you’re in this situation, start by rebooting — anyone can do that and it will likely clear out any malware. But if you don’t know how to update the firmware or change the password, you can start by calling your internet service provider. If they provided the router, they can definitely help you. If it’s your own router (or you’re not sure), you’ll need to give them some information from the labels on the device.
You can also find help by searching for the name and model number of your router, which you can usually find on the bottom of the device. The router maker will probably instruct you to go to an IP address such as http://192.168.1.1 (which is used by Linksys and other router makers) and then follow onscreen instructions to update firmware and change the password.
Known vulnerable routers
According to Symantec, the following routers are known to be capable of being infected but it’s possible that others could also be vulnerable:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN