The FBI wants you to reboot your router NOW to help destroy a botnet


Sean Hollister Senior Editor / Reviews

The Netgear Nighthawk R7000, which this author owns, is one of the many routers pegged as vulnerable to VPNFilter.


Remember when the world discovered that over half a million routers have been infected with sophisticated "VPNFilter" malware that could, among other things, cut off access to the internet or be used for Russian spying?

Today, the FBI is asking everyone -- yes, everyone -- to reboot their routers immediately. Right now, even. Or maybe after you finish reading this story.

In a public service announcement published Friday and noted by Ars Technica, and in a new addition to a US Department of Justice press release, the FBI explains that it hopes your actions will help the US government destroy a botnet before a Russian hacking group, Sofacy, can harden the malware's defenses.


How would pressing a button on your router help, though? According to the FBI, rebooting your router will destroy the part of the malware that can do nasty things like spy on your activities, while leaving the install package intact. And when that install package phones home to download the nasty part, the FBI will be able to trace that -- because the US government says it's seized a critical domain that the Russian hackers were allegedly using. 

The FBI confirmed to CNET that yes, it's asking every owner of a consumer or small business router to do this. Why not just the infected ones? Because it's not yet clear how far the infection has spread.

Note that it sounds like you might be taking a bit of a risk by simply rebooting your router instead of performing a factory reset that could destroy the malware for good:

"Although devices will remain vulnerable to reinfection with the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure," the FBI writes.

Either way, you might want to consider updating your router's firmware.

Update, 1:52 p.m. PT: Added FBI comment.
