Russians hack Wi-Fi Routers: What to do now


It is a pain in the neck, but you should probably factory reset your home wireless router as soon as possible. You should definitely do so if you own one of the various Netgear, Linksys, TP-Link or MikroTik models.

That is because at least 500,000 routers and other devices worldwide have been infected by sophisticated malware that likely comes from Russian state-sponsored hackers, as Cisco Talos labs announced last week. The malware, which Cisco Talos calls “VPNFilter,” can steal personal information, redirect web traffic, infect other devices and, worst of all, even “brick” infected devices to make them unusable.

The FBI said that the owners of small-office/home-office (SOHO) routers must restart their devices, but that does not completely get rid of the malware. (The FBI seized a web domain that is crucial to the malware’s activities, but that may be only a temporary solution.)

You must reset the router to factory settings to ensure that the VPNFilter malware is gone. A number of specific router models are known to be affected by VPNFilter, but Cisco Talos fears that it is perhaps only the tip of the iceberg.

Cisco Talos listed the definitely affected routers as the Linksys E1200, E2500, and WRVS4400N; the Netgear DGN2200, R6400, R7000, R8000, WNR1000, and WNR2000; and the TP-Link TL-R600VPN SafeStream VPN router. MikroTik Cloud Core routers, mainly used by corporations, may be affected if they are running versions 1016, 1036, or 1072 of the MikroTik RouterOS.

Cisco Talos found that two QNAP network-attached storage (NAS) drives, the TS-251 and TS-439 Pro, were also affected by VPNFilter.

But Cisco Talos is not finished with its investigation.

“Given our observations with this threat, we assess with a high degree of certainty that this list is not exhaustive and other devices may be affected,” Cisco Talos researchers wrote in a blog posting.

“We recommend that users of SOHO routers and/or NAS devices reset to the factory default settings and restart them,” the posting said. “Because of the potentially destructive action by the threat actor, we recommend out of an abundance of caution that these actions are taken for all SOHO or NAS devices, regardless of whether they are known to be affected by this threat.”

All the routers affected by VPNFilter had previously disclosed vulnerabilities, and Cisco Talos assumes that the bad guys got in by making use of these flaws. However, a VPNFilter infection is difficult to detect, and updated devices may have been infected before the patches were applied, so it may be best to start from scratch.

How To Factory-Reset Your Router

Before you reset your router, do a little preparation. Write down the names and passwords for your wireless networks. That way you can set up the router again with the same information and all of your devices will reconnect easily.

Make sure that you have the router’s setup disks, instructions or software at hand in case you need to refer to them. If you do not have them, you can get them from the router maker’s website. You also need an Ethernet cable; there is usually one in the box with the router.

Finally, make sure that no one else and no device in your household is actively using the internet connection, as the reset and setup process can take up to an hour.

Then comes the actual reset. There is often a small pinhole button on the bottom or back of the router that triggers a factory reset if you press it with a pin or the end of a paper clip. If not, check your router maker’s website for specific factory reset instructions.

Press the button, or do what the router maker’s website tells you to do. Then follow the regular installation instructions. You’ll probably need to run a setup program from a PC or Mac while it is connected to the router via an Ethernet cable.

As indicated above, set up the wireless network or networks with the same network names and passwords as before, so that your Wi-Fi devices can connect painlessly.

But make sure that you have the default administrator password when you restore the factory settings. You should also disable remote administration access if you can.

Install the latest firmware updates for your router. We have given instructions on how to do this with the major router brands here.
