Why the FBI says rebooting your router can weaken a global malware attack
Source: Washington Post
May 30 at 2:56 PM
The Federal Bureau of Investigation is asking everyone with a home router to do one small thing: Turn your router off and then back on again.
The agency issued a warning on Friday asking home Internet users and small business owners to reboot their routers to ward off a pernicious piece of malware called VPN Filter. The malware infects routers during the first stage of an attack that eventually gives hackers great control over the devices connected to the Internet. The malware has been linked to a group believed to be connected to the Russian military.
Research from Cisco's Talos security group, published last week, estimates that 500,000 devices around the world may be affected by the malware, including routers made by major manufacturers such as TP-Link, Netgear and Linksys. While the FBI recently seized a critical part of the network that runs this attack, the agency still recommends that everyone reset their router, regardless of manufacturer, to cast a wider net.
Simply unplugging your router may not seem as if it could do much for your security. But resetting the router sets this complicated malware back to Stage One, said Ashley Stephenson of Corero Network Security. In its first stage, VPN Filter establishes a presence in a router, but it needs to talk to another part of the network to download the second stage of the attack.
Read more: https://www.washingtonpost.com/news/the-switch/wp/2018/05/30/the-fbi-would-like-you-to-reboot-your-wifi-router/?noredirect=on&utm_term=.e44d35f58c5f
I have complied with this request.
RKP5637
(67,107 posts)
Judi Lynn
(160,526 posts)
Honeycombe8
(37,648 posts)
I periodically reboot, anyway. The router seems to get congested or something...it works better after rebooting.
inanna
(3,547 posts)
I really, really hope I was not already infected?
I'm no "techie", so I wouldn't really know.
Honeycombe8
(37,648 posts)
hlthe2b
(102,236 posts)
I hold my breath that the upgrade goes right and I don't lose internet access... So far, I've been lucky, but have heard some horror stories from friends whose netgear routers didn't seem to "like" the new firmware.
So far, I've been lucky.
LiberalArkie
(15,715 posts)
I rebooted like I do all the time. I went to check for an upgrade in the router. The router said it was up to date and I wrote down the version number.
I went to Linksys and the version for my model was quite a bit higher than what was in it. So I did screen captures of all the settings and variables and downloaded the new version and installed it.
I put in all the DHCP settings, logins, etc. I did not want to restore a backup just in case there was something weird in it.
hlthe2b
(102,236 posts)
This time it did, but then I'd already known one was available (just hesitant to install it). I'll be honest, though--I'd not updated to the past two firmware versions even though I am religious about keeping my two laptops (and iphone/ipad) up to date. So, I knew I HAD to do this one....In my defense, I use very strong passwords and change them regularly...
LiberalArkie
(15,715 posts)
that allowed someone to put a version for the Linksys in, but it did not poll the correct IP for an update. So the passwords meant nothing. For most people all they needed to do was reboot. Since the FBI had taken over the server that the first layer called, it was not responding, so nothing dangerous could be loaded.
I fixed it by going to Linksys.com and finding what I needed. I think it was a month or 2 old, so the router should have spotted if it was going to the correct place. But all is good, (I hope).
Also, since the FBI has the server that the initial program calls, the FBI can now find out what routers and where are affected, as they will be in the server's log.
Hekate
(90,667 posts)
...so he could disconnect and reboot the router for our home office.
Our friends the Russians
mbusby
(823 posts)
...and my router and mail server is a Dell workstation server running ClearOS (Linux Redhat enterprise server). I rebooted the server, although I don't think it is affected.
FakeNoose
(32,634 posts)
The router resets when the power is off and disconnected from the electric outlet.
If the plug stays in the outlet it might hold the previous settings, and then it hasn't reset itself.
Once you put the plug back in, turn the router back on, wait for about one minute until the blinky lights come on. You're good to go, and you can turn your computer back on. I have my computer and router on a multiple outlet surge protector so it's easy to shut the power off and on together.
SWBTATTReg
(22,114 posts)
FakeNoose
(32,634 posts)
However I'd say go ahead, to be on the safe side.
I know that routers have electric plugs that retain the charge for a short time even when the power shuts off (like in an electrical storm outage.) So after about 1 minute it loses that original charge and resets everything. It's possible that modems act the same way but I really don't know.
This message from the FBI is telling us to reset our routers, however it may not affect the modems because they may not be attacked by the same virus. Does anyone else know?
SWBTATTReg
(22,114 posts)
just being cautious...thanks again!
Also, there are combined modem/router units (in a single box) so I'm hazarding a guess that yes, do the modem too (since in some cases they are merged anyways).
IthinkThereforeIAM
(3,076 posts)
... of the socket in back, then you don't have to go crawling and hope to find the right plug in on your surge protector plug in bar.
And wait at least 15 seconds, the longer the better, so the memory gets dumped, as mentioned in a post above mine, too.
With older Motorola wifi, especially the DSL ones (some folks still using them), it was SOP to reboot it once a week, or you had problems and lags.
It is just a good idea to do this procedure once a week, it dumps the RAM on the router (gets rid of old garbage bits and pieces in the memory) and resets so all should be faster.
It really isn't that much different of a concept than shutting off your cellphone, that sure seems to fix any apps that are hanging, right?
SWBTATTReg
(22,114 posts)
the like every 3 months or so (when I was rehabbing, it was far more frequent). I know people are wondering why take the plug out etc. too when the router is powered down, but if you have a relatively new VCR and the power goes out, and it goes out for a longer period of time, then your entries on when / what / etc. to record get wiped out (and you'll have to re-enter).
If the power goes out for a shorter duration of time, then the VCR doesn't lose any entries. I noticed this when out of two of three VCRs I have set up, 1 will always lose its entries, 1 will not, unless power is out longer, and the other VCR doesn't really work very well so I don't use very much.
Again, thanks so much, good points, especially about getting into a routine automatically to shut down/reboot.
many a good man
(5,997 posts)
The WaPo article says to simply reboot but the technical article says to reset to factory defaults before rebooting. That's a big difference if it means you have to reconfigure the router and all your devices.
Does this pertain to all routers or just some? Is there a list somewhere?
defacto7
(13,485 posts)
Mine are likely more vulnerable since they are set as bridges to the ip. I was thinking that I should reset them again on election days. Just a thought.
catbyte
(34,376 posts)
jpak
(41,757 posts)
Fuck Putin.
Fritz Walter
(4,291 posts)
On Memorial Day, I rebooted my cable modem as well as internal routers (Apple Time Machine and Airport). A minuscule way to honor those who fought against totalitarianism, but well worth the effort.
And, oh-by-the-way, an opportunity to say "Fuck you, Putin and all your bots!"
RhodeIslandOne
(5,042 posts)
My internet cuts out about once a day.
benld74
(9,904 posts)
JohnnyRingo
(18,628 posts)
a couple will likely not do it because they think the Russians are just doing what's best for us again. hahaha They'll never trust the Feds anyway.
Thanx for posting. I like when doing something to protect my devices is so easy and free.
mucifer
(23,539 posts)
Is that all I have to do to reboot?
FakeNoose
(32,634 posts)
Wait about a minute, plug it back in. Turn it on and wait for the little twinkly yellow/green lights to come back on.
It will reset itself and get a new IP address from your ISP.
When all the twinkly lights are on, you can turn your computer back on.
You'll have everything all the same on your computer, but the router has been reset.
SunSeeker
(51,550 posts)
...whether I'm doing it or not.
fleabiscuit
(4,542 posts)
hlthe2b
(102,236 posts)
So, maybe there is a silver lining...