REBOOT OR UNPLUG YOUR ROUTER ASAP PLEASE

[val2525]

Per the FBI. Yes, this is true. It is not fake news.

The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands devices.

Researchers from Cisco’s Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware infected more than 500,000 devices made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link. Known as VPNFilter, the malware allowed attackers to collect communications, launch attacks on others, and permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot.

Later in the day, The Daily Beast reported that VPNFilter was indeed developed by a Russian hacking group, one known by a variety of names, including Sofacy, Fancy Bear, APT 28, and Pawn Storm.


appleinsider.com/articles/18/05/28/fbi-warns-public-to-reboot-wi-fi-routers-to-counter-vpnfilter-malware

arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/

krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/

www.digitaltrends.com/computing/vpnfilter-malware-router-reboot/

fortune.com/2018/05/26/fbi-warning-russian-malware-routers/

slate.com/news-and-politics/2018/05/fbi-is-asking-everyone-to-reboot-their-routers-to-stop-russian-malware-infection.html

[Desire]

Our internet provider shut everyone down and sent re-boots to everyone. They have some notice about it somewhere that DS read about.

[sunsetpainter]

val2525

Does this just mean to shut it off and turn it back on again?

[chapeaunoir]

You want to be careful to reboot and not reset.

I would unplug it rather than just use the power button. Also unplug your modem unless it's all in one. Wait at least 10 seconds, 30-40 seconds is best.

The plug your modem back in. Wait a minute (for re-authentication). Then plug in your router. Again wait a few minutes. You should be ready to go.

All of this waiting between steps is just so that authentication, etc. of IP addresses can be established.


If your router and modem are in the same device it's easier, just unplug, wait a while, then plug back in.

[val2525]

May 28, 2018 22:24:38 GMT sunsetpainter said:

val2525

Does this just mean to shut it off and turn it back on again?

I just unplugged mine, for the reasons Chap stated. Unplug/plug is like a power failure, so it doesn't mess up the settings. Or that's been my experience anyway.

[chapeaunoir]

Yes, exactly- it reboots retaining all of your settings, rather than actually resetting, and that's what you want. If you reset, it goes back to factory settings.

[chapeaunoir]

You can power it down and up again, but actually unplugging it is the surer bet.

[denise15601]

Thanks for the info. I called Comcast internet and the rep said that she doesn't see any warnings. Okay. Whatever. Hopefully I am protected.

[val2525]

I'd still unplug the router, Denise, and plug it back in. Easy peasy and you'd know you're in the clear. CSRs don't know everything - eBay is a perfect example. (So is Cox, Century Link, Comcast, etc LOL)

[Shirley U Geste]

It was on NBC, CBS & ABC news tonight.

Comcast never knows what they are doing, taking advice from them never turns out well.

[val2525]

I was at Cox website earlier, not a peep from them. No email either.

[Shirley U Geste]

They are probably afraid the customers will think it's the companies fault & change their service.

Rebooting is no big deal, I do it every other Saturday anyway on the advice of some IT people.

[kritter]

No email from At&T but I didn't check their website.

[denise15601]

Thanks, I did reset it. Had to practically stand on my head to find which cord was the power one, since the cords are short. Then pulled the plug from my power strip.


Note to self: Vacuum around the power strip and wires under my desk. ugh.

[titus730]

Denise, I went to Xfinity, Comcast's website, and checked my messages. Nothing from Comcast. But I then went into the forums and people there are asking about it.

[denise15601]

Thanks Titus. Wonder if it is regional? I didn't hear anything on my news stations.

[val2525]

It's national news. It's also coming from the FBI, so it's legit. The links I posted in my OP are reputable technical websites. They don't post fake.

Which is why I'm surprised the internet providers aren't being proactive about it. Eventually the press will pick up on that and ask why.

[chapeaunoir]

It was in the print press here, but I'm surprised that it's not more reported, too. There's a lot of potential for harm here, and the fix is so easy.

Ars Technica is the site that a lot of higher level IT people use - the DH has followed it for years.

[denise15601]

Our Channel 4 news just announced it about an hour ago. It is amazing that I read about it here a day ago.

Kudos to you Val!!!!

[val2525]

LOL! It was already 4 days old when I caught wind of it, from a FB post by a friend of mine.

[Deleted]

Maybe this is why Centurylink makes me reboot 20 times a day to get the internet to work. All this time I thought I had crappy internet service but it was really to throw off the Russians. Brilliant, we are probably the most protected town around.

[val2525]

Out of curiosity, peek, how old is the modem you're using? If it's more than a year or two, that could be part of the problem. I was using an old CenturyLink modem in ABQ and started having to do that. I'd had it for 7 or so years and it was old when I got it. I upgraded to a newer modem they had and it made a huge difference in my internet service and speed.