Reboot Your Router, But Don't Stop There

From Popular Mechanics

  • Rebooting your router disrupts the VPNFilter malware, but does not remove it.

  • To wipe it completely, do a full factory reset.

  • Look for a 'reset' button on the back of your router and hold it down for about ten seconds. This will also wipe all custom settings.

  • Change your router's admin password to anything but the default.


Last week, the FBI sent out a warning: Reboot your router because a dangerous piece of malware, VPNFilter, has compromised hundreds of thousands of routers. If you did that, good. If not, do it now. But if you really want to be rid of the cyberscourge, you'll have to go a little further and reset it to its factory settings.

VPNFilter is a nasty little bugger that can do all sorts of awful things like spy on your internet traffic or even brick your router, but before it can do any of that it has to load itself up.

The malware comes in three stages. Stage one is the one that sinks its teeth into your router and lays the foundation for the funny business. Stage two, which stage one goes and downloads, is the actual meat of the problem. This is the software engine that can actually start messing around and slurping up your data, including things like browser history, usernames, and passwords. Stage three is the icing on the cake, and comes in various forms that modify the capabilities of the main hacking engine, stage two.

Rebooting your router, as the FBI recommends, only removes stages two and three, leaving stage one to call out to its masters and redownload its business end. This isn't an oversight on the FBI's part, but rather the actual point. As the FBI's statement notes (emphasis ours):

The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices.

By rebooting our routers en masse, we are both forcing the infected ones to identify themselves by calling to their masters for a redownload of stage one and two, and lighting up the distribution network, which will have to work overdrive to deliver all these packages at once. Now that's all well and good, especially if the FBI can solve the problem at its root, but in the meantime your router might still be infected and there is, as of now, no good way to check.

Factory settings

If you want to disinfect your router completely, you'll have to do a full factory reset. First though, search for and save any instructions you may need to get it connected again so you have them on hand.

The reset process varies from router to router but generally involves a button on the back labeled "Reset" or "Factory Reset" that needs to be held down with a paperclip for about ten seconds.

Once your router is fresh and clean, you'll also want to change its password and upgrade its firmware if there's an update available. Again, this varies from router to router so look up yours specifically, but the general instructions are to:

  1. Connect your computer to your router (with an Ethernet cable if possible)

  2. Point your web browser to your router's control panel page (usually by putting the address 192.168.1.1 in the address bar)

  3. Log in to the router's control panel using the default username/password (usually some combination of the words 'admin' and 'password')

From there, poke around or refer to your router manufacturer's official instructions.
