A recent Russian malware attack has infected some 500,000 routers around the world, and it’s not done yet. While it mainly targets home routers, businesses are not safe either. Here’s what we know about the attack, its capabilities and how to stop it.
4 Key Pieces of Info about the Russian Malware Attack
1. Where did it come from?
Experts have long speculated that the Kremlin has launched several hacking attacks against Ukraine and other countries, including the United States during the 2016 presidential election. Russia has denied those claims.
However, earlier this year, the CIA concluded that Russia was behind the catastrophic NotPetya attack that was launched at Ukraine on their Constitution Day in June 2017. The timing may be right for another Constitution Day attack—the holiday takes place on June 2018.
2. What will it do?
NotPetya was a ransomware-like attack that encrypted just about every single file on an infected computer, seriously messing up its hard drive. It was extremely difficult to prevent or remove.
This latest Russian malware attack, dubbed “VPNFilter,” is arguably scarier. It has characteristics of what’s called a man-in-the-middle attack, meaning it can manipulate any traffic that goes through the infected router.
Hackers can literally control what you see on your computer screen. For example, you may open your bank account and see your normal balance, meanwhile they’ve already siphoned all of your money. If your router gets infected, virtually none of your personal information is safe.
3. How can it be stopped?
Protecting yourself from VPNFilter requires you to tamper a bit with your router. It’s nothing too technical, but it can be quite annoying to figure out if you’re inexperienced. Check the website of your router manufacturer for a detailed guide on how to do the following:
- Complete a factory reset of your router.
- Update to the latest firmware.
- Change your router’s administrative username and passwords. (If your router does happen to be infected, this will revoke the hacker’s access.)
- Finally, disable remote administration. (This is usually disabled by default, but as with all other cyber security procedures, it’s better to be safe than sorry.)
4. Can you tell if a router is infected?
No, you can’t tell if your router has been infected, which is why we recommend resetting yours, even if it’s not on this list of the most vulnerable routers.
This new strain of Russian malware is more advanced than the last, and even though it mainly targets Ukraine, computers in America are being infected as well. Take the necessary steps to protect your data as soon as possible.