As you have all probably heard, there are now issues with routers that can become infected with malware. The FBI has recommended that users of certain versions and brands of routers reboot them. NOW.
Oy.
The VPNFilter malware is now affecting/infecting upwards of 500,000 routers globally. Older routers are more susceptible, according to some sources. Linksys, Cisco, Netgear, TP-Link and a few others have been infected.
The article with the list of potentially affected routers can be found here: https://www.zdnet.com/article/fbi-to-all-router-users-reboot-now-to-neuter-russias-vpnfilter-malware/
Double Oy!! (Oy-Oy for short!) Heck, that covers most of the routers in service for my clients!!
Rather than bore you to tears with the gritty details, let me get down to brass tacks.
The infection can slow down computer networks, remotely control computers attached to that router and, of course, spy on your digital transmissions, including passwords and sites you visit.
Solution?
The first step is to manually reboot the router. That can take out the first level of infection. The infection can be persistent, though: even after a manual reboot of the router (powering it off and then back on again after a minute or so), the malware can still be in the router’s firmware.
This is where it gets a bit more complicated, and this next part is the recommended fix.
In order to remove it completely, a factory reset needs to be done, and then the router needs to update its internal firmware directly from the manufacturer’s website.
The factory reset is done by pressing the reset button on the back of the router and holding it for at least 30 seconds.
Once that is completed, the generic/default passwords that are in the router MUST be changed. Disabling remote access is necessary as well.
On my Netgear, I tried that and it took a few tries to get it to reset. I did notice a few things off with my network, including how my Sony Playstation was acting while gaming. Yeah, I do that too and have a channel for that as well…and of course, have started my comedy channel…you can email me for links.
Once I reset the router and entered a new password, I then cleaned out computers to see if they had any infections.
Surprisingly, I had a couple of hits and cleaned them out on my main production box. See my other article on antivirus issues.
Now what?
Since most routers in the wild are somewhat vulnerable, I urge my clients to at least start with the reboot and then reset it to factory.
If you need my assistance with this and with making sure it’s set up correctly and your computers are cleaned up, give me a call.
I can help you with the reboot and check things over for you!
Scott (760) 550-9496