The FBI is asking people to reboot their routers in an attempt to disrupt a sophisticated piece of Russia-linked malware. The malware is thought to have already affected hundreds of thousands of internet users. The request is simple: if you have a router at home, turn it off and on again. According to the FBI, the malware is capable of blocking web traffic and collecting the information that passes through home and office routers. It may also disable the router completely.
The Department of Justice confirmed last week that hundreds of thousands of routers were under the malware's control. US authorities believe that the malware was created and deployed by a group known as the Sofacy Group. The group goes by other names as well, including APT 28 and Fancy Bear. The FBI believes that the group is directed by Russian military intelligence. The group has also been blamed for hacking the Democratic National Committee in the run-up to the 2016 election.
The new alert is aimed at small businesses and people who have a router at home. According to the FBI there are several measures that can be taken, and rebooting the router is the most basic one; it only disables the malware temporarily. Secondly, the FBI is advising people to upgrade their router firmware. Where remote management settings are enabled, the bureau recommends disabling them.
The spread of this Russia-linked malware has been massive. A report by Talos, the threat intelligence division of Cisco, revealed that at least 500,000 routers in 54 countries have already been affected by the malware. The US Justice Department said that the web domain toknowall.com is a critical part of the malware's command and control infrastructure. As such, the department sought and received permission to seize it.
The FBI says that since the domain is now under its control, any future attempt by the malware to re-infect a router that was initially compromised can be detected and prevented. In addition, the FBI is now in a position to obtain the IP addresses of the affected routers, which will help identify victims in the coming days. The Talos report noted that the malware is capable of cutting off Internet access for hundreds of thousands of people.
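Because the seized domain is the only indicator the article gives, a network defender can apply the same idea locally: scan the DNS resolver log for lookups of toknowall.com and report which internal hosts made them. The script below is an added example, not code from the article or from the FBI or Talos; it assumes dnsmasq-style query log lines, and the log sample is constructed.

```python
import re
from collections import defaultdict

# Domain the article names as part of the malware's command and control
# infrastructure (now sinkholed). Lookups of it, or any subdomain of it,
# coming from the LAN are worth investigating.
C2_DOMAINS = {"toknowall.com"}

# Constructed sample of dnsmasq-style resolver log lines (not real data).
# 192.168.1.1 plays the role of a router doing its own lookups.
SAMPLE_LOG = """\
May 25 10:01:02 dnsmasq[512]: query[A] www.example.org from 192.168.1.20
May 25 10:01:07 dnsmasq[512]: query[A] toknowall.com from 192.168.1.1
May 25 10:03:11 dnsmasq[512]: query[AAAA] update.vendor.example from 192.168.1.1
May 25 10:05:40 dnsmasq[512]: query[A] toknowall.com from 192.168.1.1
May 25 10:07:15 dnsmasq[512]: query[A] cdn.toknowall.com from 192.168.1.33
"""

# Assumed log layout: "<timestamp> <process>: query[<type>] <name> from <ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ query\[(?P<qtype>\w+)\] "
    r"(?P<name>\S+) from (?P<src>[\d.]+)$"
)


def is_c2_lookup(name):
    """True if the queried name is a C2 domain or a subdomain of one."""
    name = name.lower().rstrip(".")  # normalise case and trailing dot
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def find_c2_lookups(log_text):
    """Return {source_ip: [(timestamp, queried_name), ...]} for C2 lookups."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query record; skip it
        if is_c2_lookup(m["name"]):
            hits[m["src"]].append((m["ts"], m["name"]))
    return dict(hits)


if __name__ == "__main__":
    for src, events in find_c2_lookups(SAMPLE_LOG).items():
        print(f"{src}: {len(events)} lookup(s) of sinkholed C2 domain")
        for ts, name in events:
            print(f"  {ts}  {name}")
```

A hit from the router's own address is the case the article describes (a compromised device trying to reach its controller); a hit from another LAN host points at a different device that needs the same reboot, firmware update and remote-management review.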
Incidents of Russian hackers targeting IT infrastructure in Western countries are not uncommon. An investigation by special counsel Robert Mueller into possible Russian interference in the US election is already under way. The Kremlin has also been accused of targeting Western corporations in the past. Nonetheless, Russia has denied any involvement with the router malware, saying that Western intelligence agencies have failed to present any evidence linking it to Moscow. The FBI is hoping that the new directive will help stop the threat before it causes even more damage than it already has.