FBI asks everyone in the world to reboot their router to stop spread of Russian malware

  • Last Updated: May 31st, 2018 5:21 am
Deal Expert
Mar 25, 2003
17147 posts
5655 upvotes
Markham

FBI asks everyone in the world to reboot their router to stop spread of Russian malware
https://globalnews.ca/news/4237529/fbi- ... n-malware/
The FBI believes Russian computer hackers have compromised hundreds of thousands of computers around the world, and are advising everyone to reboot their routers to prevent the spread of malware.
https://www.forbes.com/sites/anthonykar ... c408274e0d
In a quick bit of government intervention, the DOJ, in cooperation with the FBI, seized control of the domain the Sofacy Group was using for the botnet. This is good news for infected parties, since the malware won't be able to reestablish itself after communication has been interrupted. But for that to happen, you need to reboot your routers. The FBI and Department of Homeland Security have both issued statements requesting as much.
Last edited by Keigotw on May 29th, 2018 10:28 am, edited 1 time in total.
48TB Node 304 / i5-3570 / Server 2016 Essentials
12TB HP Mediasmart EX 495 (E8400, 3.0GHZ, 4GB Mushkin), with Server 2016 Essentials
16TB Qnap TS-459 Pro
11 replies
Newbie
Apr 27, 2018
25 posts
4 upvotes
Was not sure at first look if this was satire but seems real enough. Well, Russians surely got a lot of success in this area during the last few years.
“He'd been wrong, there was a light at the end of the tunnel, and it was a flamethrower.” - Terry Pratchett
Deal Addict
Nov 12, 2011
4508 posts
700 upvotes
Niagara-on-the-Lake
Not sure how rebooting will solve anything.
Deal Addict
Sep 12, 2007
2952 posts
1061 upvotes
What's interesting is that the QNAP NAS boxes were prone to this malware attack via "VPNFilter", something that had to be fixed manually; rebooting or installing the "malware" removal tool from QNAP didn't fix anything.
Newbie
Feb 26, 2004
77 posts
25 upvotes
Typhoonz wrote: Not sure how rebooting will solve anything.
Maybe if you actually read the article you would understand...
Why is the FBI asking you to reboot your router?

The FBI has asked that everyone reboot their routers to “temporarily disrupt the malware and aid the potential identification of infected devices.” What does this mean?

Sood explained that this particular attack uploads itself to the memory of the router (which is key to powering the device). During a reboot, the memory of the router is cleared out, meaning that while the vulnerability which allowed the attack to take place still remains, the infection itself is temporarily cleared.

By doing this, hackers are then forced to compromise the router again to re-infect it. By this point, Sood said the hope is that in being aware of the threat, service providers are better able to deflect it by blocking the traffic and issuing security patches.
Deal Expert
Mar 25, 2003
17147 posts
5655 upvotes
Markham
Typhoonz wrote: Not sure how rebooting will solve anything.
https://www.forbes.com/sites/anthonykar ... c408274e0d
In a quick bit of government intervention, the DOJ, in cooperation with the FBI, seized control of the domain the Sofacy Group was using for the botnet. This is good news for infected parties, since the malware won't be able to reestablish itself after communication has been interrupted. But for that to happen, you need to reboot your routers. The FBI and Department of Homeland Security have both issued statements requesting as much.
48TB Node 304 / i5-3570 / Server 2016 Essentials
12TB HP Mediasmart EX 495 (E8400, 3.0GHZ, 4GB Mushkin), with Server 2016 Essentials
16TB Qnap TS-459 Pro
Deal Fanatic
Mar 28, 2005
8978 posts
2579 upvotes
Cornwall, Ontario
Don't people usually reboot their routers once in a while anyway?

I remember when I was with Bell, they recommended rebooting the router every few weeks or so.
And even now, not with Bell anymore, I reboot the router whenever I think I'm not getting the speeds I should.

Rebooting is also the first one of any troubleshooting steps.
Deal Fanatic
Mar 24, 2004
5275 posts
1435 upvotes
Toronto
True for me back in the old days when running Tomato on my WRT54G. I had it scheduled for reboot at a regular period.
I don't know if people still do that on their more recent and modern routers.
krs wrote: Don't people usually reboot their routers once in a while anyway?

I remember when I was with Bell, they recommended rebooting the router every few weeks or so.
And even now, not with Bell anymore, I reboot the router whenever I think I'm not getting the speeds I should.

Rebooting is also the first one of any troubleshooting steps.
h2o- a.k.a. 阿水 (Ah Sui)

Feedback: HoFo | eBay | Heatware
Deal Addict
Dec 1, 2010
2565 posts
1642 upvotes
GTA
This was already posted in several forums out there. Not all routers are affected.

In fact, less than 500,000 routers worldwide are impacted, the majority in Ukraine and Russia, and the models I saw listed were 10+ years old.

This is much ado about nothing, IMO.

https://www.independent.co.uk/life-styl ... 1527517509
Deal Expert
Apr 16, 2001
16514 posts
3319 upvotes
Wow. It's really time to blackhole all Russian traffic.
Blacklisted companies: Roku, Lenovo, Motorola, TP-Link, D-Link, Samsung, HP, LG, Public Mobile, EVGA, Blizzard
Deal Addict
Nov 12, 2011
4508 posts
700 upvotes
Niagara-on-the-Lake
Xhumeka wrote: Maybe if you actually read the article you would understand...
This was not in the original article I read which is why I questioned it. Thank you for pasting this.
Member
May 25, 2008
228 posts
172 upvotes
Mississauga
A few weeks ago our NAS got attacked with some kind of ransomware virus that my son was able to trace back to Russia, likely some kind of botnet like the one mentioned here. It was vulnerable because we had not changed the password to a secure password. The whole drive got encrypted and is likely unrecoverable.

It is becoming more difficult to protect from these attacks even if you have all the right pieces in place.

Rebooting routers is a good idea if it helps slow this down.