The VPNFilter threat isn’t over yet

The daily battle waged against malicious hackers by IT professionals, cybersecurity companies, and governmental institutions is, mercifully, a distant concern for most of us. Why get spun up about cybersecurity when an army of IT professionals stands between us and the bad guys?

But now the professionals are recruiting from the public.

A few weeks ago, the FBI urged consumers to help combat a new malware threat, known as VPNFilter, that has infected over half a million routers in 58 known countries and could be poised to inflict heavy damage on IT infrastructure around the world.

The malware, which embeds itself in home routers, originated in Russia and could be connected to the government-linked hacker group that stole information from the Democratic National Committee in 2016, according to the cybersecurity organization Cisco Talos Intelligence Group. The Treasury Department on Monday imposed new sanctions on a handful of Russian companies in response to the attack.

VPNFilter works in three stages. First, the malware infects the router. Second, it downloads a second-stage component that can steal user data. Lastly, it expands its capabilities with additional modules, allowing it to “self-destruct,” among other things.

To stop the spread of VPNFilter, consumers will need to follow the FBI’s advice and do a hard reset on their routers. Simply turning the router off and on won’t eliminate the malware, which reinstalls itself after each reboot. Instead, consumers will need to reset their routers back to factory conditions and change their passwords to anything but the default. If a firmware update is available, users should go ahead and update the router software.

According to Talos, the VPNFilter threat continues to grow. VPNFilter has been found on a range of routers, including models from Asus, D-Link, Huawei, Linksys, MikroTik, Netgear, and ZTE, among others. The list is incomplete and likely to expand.

At this time, there is no way to know whether any particular router has been compromised. Your safest bet is to go through the process of resetting your router and changing the password.