- Rebooting your router disrupts the VPNFilter malware, but does not remove it.
- To wipe it completely, do a full factory reset.
- Look for a ‘reset’ button on the back of your router and hold it down for about ten seconds. This will also wipe all custom settings.
- Change your router’s admin password to anything but the default.
Last week, the FBI sent out a warning: Reboot your router because a dangerous piece of malware, VPNFilter, has compromised hundreds of thousands of them.
If you did that, good. If not, do it now. But if you really want to be rid of the cyberscourge, you’ll have to go a little further and reset your device to its factory settings.
VPNFilter is a nasty little bugger that could spy on your internet traffic or even brick your router. But before it can do any of that, it has to load itself up.
The malware comes in three stages. Stage one infects the router and lays the foundation for the funny business. Once established, stage one finds and downloads stage two, which is the real meat of the problem. Stage two is the software engine that can start messing around with and slurping up your data, including browser history, usernames, and passwords. Stage three is the icing on the cake. It comes in various forms that modify the capabilities of the main hacking engine, stage two.
In an announcement on Friday, the FBI recommended rebooting your router. That’s smart, but it removes only stages two and three, leaving stage one to call out to its masters and redownload its business end. This isn’t an oversight on the FBI’s part. As the bureau’s statement notes (emphasis ours):
The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices.
By rebooting our routers en masse, we are not only forcing the infected ones to identify themselves by calling to their masters for a re-download of stages one and two, but also lighting up the distribution network, which will have to work in overdrive to deliver all these packages at once. It’s a smart strategy, especially if the FBI can solve the root problem. But in the meantime your router might remain infected, and there is, as of this writing, no good way to check.
To disinfect your router completely, do a full factory reset. Important: Before you begin, search for and save any instructions you may need to get the router connected again so you have them on hand.
The reset process varies from router to router, but generally involves a button on the back labeled “Reset” or “Factory Reset” that needs to be held down with a paperclip for about ten seconds.
Once your router is fresh and clean, you’ll want to change its password and upgrade its firmware if there’s an update available. Again, this varies from router to router so look up your specific model, but the general instructions are to:
- Connect your computer to your router (with an Ethernet cable if possible)
- Point your web browser to your router’s control panel page (usually by putting the address 192.168.1.1 in the address bar)
- Log in to the router’s control panel using the default username/password (usually some combination of the words ‘admin’ and ‘password’)
From there, poke around or refer to your router manufacturer’s official instructions.