FBI Warns Small & Home Office Owners of Possible Malware

FBI urges people to reboot routers to thwart hackers

The FBI is warning people to reboot their small office and home office routers. A router directs traffic on the internet by forwarding data packets between computer networks. That group, also known as A.P.T. 28 and the Sofacy Group, is believed to be directed by Russia's military intelligence agency.

The group has also been named by the Democratic National Committee in its lawsuit regarding the 2016 hack of its emails and phone calls.

The F.B.I. and cybersecurity researchers are calling the malware VPNFilter. (Note: A full reinfection is still possible - but, criminals would have to expend significant effort in order to successfully reinfect a device, and may be more likely to move on to other attacks).

The IT security experts at Cisco, who apparently detected the malware in the first place, also recommend users to reset the devices to factory settings to ensure that there is no trace of the malware.

An analysis by Talos, the threat intelligence division for the tech giant Cisco, estimated that at least 500,000 routers in at least 54 countries had been infected by the malware, which the Federal Bureau of Investigation and cybersecurity researchers are calling VPNFilter. The announcement from the F.B.I. did not provide any details about where the criminals might be based and their motivations remain unknown. The part of their campaign included a highly sophisticated and advanced form of malware known as VPNFilter.

Last week, security researchers at Cisco's cyberintelligence unit Talos warned of the attack: malicious software, dubbed VPNFilter, had infected an estimated 500,000 consumer routers in 54 countries and was targeting routers from Linksys, MikroTik, Netgear and TP-Link, and possibly others.

After a reboot, the malware is created to go back online and reload the applets.

"In particular, the code of this malware overlaps with versions of the BlackEnergy malware - which was responsible for multiple large-scale attacks that targeted devices in Ukraine", Talos said in a post on its website.

The U.S. government says it has seized a critical web domain, called, which the Russian hackers were using to disseminate the malware. Turning the router on and off temporarily disrupts the malware and erases parts of it, though the router can be reinfected.