Feds Say Your Internet Router May Be Infected With Russian Malware

A plugged in computer router

A plugged in computer router

The FBI says the malware is multi-functional and can collect information, its being used for device exploitation and blocking network traffic.

To combat the targeting, the Federal Bureau of Investigation is recommending that you reboot any small office and home office router you may own to disrupt any malware that may be present.

Anyone with a small office or home office router should power cycle, or reboot their routers to disrupt the malware. Along with routers made by Linksys, Netgear, TP-Link and Mikrotik, network-attached storage devices (NAS) made by QNAP have also been targeted.

According to Cisco Talos' analysis, all of the devices impacted by VPNFilter have known public vulnerabilities.

The FBI is urging consumers to reboot their routers to mitigate the risk of being exposed to a major malware attack with ties to foreign cyber actors.


Symantec also advises a reboot and if the problem persists to reset the device, which will wipe the device clean.

"The FBI will not allow malicious cyber actors, regardless of whether they are state-sponsored, to operate freely", said FBI Special Agent in Charge Bob Johnson in a statement.

TP-Link also acknowledged the malware and said they are investigating. Now, those attempts will be redirected to the FBI-controlled server, which will help identify infected devices. Many security experts believe the group gets backing from Russian military intelligence (the GRU), or it may simply be part of Russian intelligence. That way, you can set up the router again with the same information and all your devices will re-connect easily.

It's a pain in the neck, but you should probably factory-reset your home wireless router as soon as possible. The devices should then be secured with passwords and encryption. Even if your router is not on the list, it may be better to play it safe and perform a reboot anyway.

Latest News