Rock Springs, WY. | Nationwide – The Sweetwater County Wyoming Sheriff’s Office is passing along a Federal Bureau of Investigation (FBI) advisory warning of foreign compromise of computer routers and other networked devices such as Network Attached Storage (NAS) devices, sometimes commonly known as home servers.
Sheriff Mike Lowell said on Sunday:
“The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices. Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide by using VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.
Hackers thought to be working for an advanced nation have infected more than 500,000 home and small-office routers worldwide with malware that could be used to collect communication and information, launch attacks (via botnet), and permanently “kill” the devices with a single command.
The FBI is asking basically everyone to simply reboot their home and office routers, or NAS devices, which will at least temporarily prevent the device from being used in an attack as part of the botnet.
With the FBI having seized control of a remote server used by the malware, rebooting a router or NAS should remove your device from the botnet, if you were infected.
While a simple reboot will help to break down the botnet, a more effective approach would be to complete a factory reset on your router or NAS, in order to be sure that your device is not effected by any remnants of the malware. A full factory reset should remove stages 2 and stage 3 of the malware, while stage 1 should have been mitigated by the FBI seizure of the server.
This process generally involves using a paper clip or thumb-tack to hold down a button on the back of the device for 5 to 10 seconds. The process can vary by manufacturer.
CAUTION: A factory reset will remove any configuration settings stored on the device, so users will have to restore those settings once the device reboots. Some ISP’s set this information up on installation so this suggestion may not be suitable for all users. If you have questions about a full factory reset, and how it will affect your routers settings, please contact your ISP.
Another good bit of advice for general router safety, is to change the default password on your router, periodically update the firmware on your device, and to disable remote administration and possibly UPNP, if you are not using it.
More information can be found at https://www.ic3.gov/media/2018/180525.aspx