The most widely-reported instructions for dealing with the new Russia-linked malware hitting routers across the globe sounded like the cybersecurity fix we’ve all been waiting for: Turn it off, turn it on again.
Not so fast.
The FBI’s urgent bulletin on the cyber attack, called VPNFilter, instructs users to reboot their routers “to temporarily disrupt the malware.” Certified ethical hacker Rodney Gullatte Jr. says Springs businesses must take several other steps to avoid becoming victims of VPNFilter — or being sued for letting their clients become victims.
“There’s more. There’s a lot more that you need to do for it,” said Gullatte, founder of Firma IT Solutions & Services.
- Unplug the router, turn off the power, wait 30 seconds and plug it back in again. (This has been the most widely reported measure.)
- Log in to your router and change the password on your router.
- Change the password for your WiFi.
- Most importantly, update the firmware in your router.
“If you look up the make and model of your router, you should be able to find instructions on how to do all those things if you’ve never done them before,” Gullatte said. “And definitely — if you’re one of those people who’s never done this before, you are at risk and you’ve been at risk since you bought that router.”
VPNFilter targets small office and home routers. The FBI bulletin notes that the malware can collect personal information and block network traffic. And hackers can potentially use any infected router as launching pad for further attacks.
The Talos report which first identified VPNFilter said devices manufactured by Linksys, MikroTik, Netgear and TP-Link are affected — but Gullatte said everyone should take precautionary steps regardless of the router brand they own.
“Even though it’s only affecting those four major brands — that’s what the FBI has identified — that’s still a good rule of thumb for all of your routers,” he said. “You should change your passwords; you should check the firmware.”
If you don’t?
“Then everything on your network is available for sale,” Gullatte said. “All your data, all your client data, all that personal information that’s going to cost you up to $50,000 per record if HIPAA finds out that that data’s been compromised — and they’ll find out. And your clients can sue you when they find out you’ve been breached.
“There’s a lot of businesses out there that are hoping nothing happens to them. They walk into work every day and as long as everything’s working, they’re happy. Well — hackers aren’t always going to take your systems offline. It’s good for them to let your stuff stay working so you think everything’s OK, and the whole time they’re downloading all of the information out of your network in real time.
“They can take their time and disassemble the data and find out what passwords you have and use your account information and all the files on your network… If they control your router they control everything on your network, all of it. That’s the risk right now.”
Gullatte said while none of his own clients have the router brands affected by VPNFilter, many Springs businesses do use them, and don’t change their passwords. He urged people to take action.
“Don’t just feel guilty about it, do something about it — please — not just for yourself but for your clients and for your customers and for our community,” he said. “It’s our whole community they’re putting at risk when they don’t do the right thing with their data and their internet security. I don’t want our community at risk.”