The US Federal Bureau of Investigation said in a Friday statement that "all owners of small office and home office routers" are restarting the devices, hopefully exposing them to fewer malware attacks involving Russian governmental actors. The FBI reportedly confiscated a server used to escalate the infection, and made a reboot an effective way to disable it.
A Cisco cybersecurity team said Wednesday that at least 500,000 routers in 54 countries were affected by the malware. The software is said to target consumer-level routers used in home and small offices, and is capable of both monitoring local traffic, cleaning up the routers, destroying them, and shutting users off the Internet. Linksys, Netgear, TP-Link, and MikroTik routers were reportedly vulnerable ̵
Get Data Sheet, Fortune Technology Newsletter.
According to The Daily Beast report, VPN Filter is a product of a group called, among others, "Sofacy Group" and "Fancy Bear". The same group was allegedly responsible for the hacking of e-mails from the Democratic National Committee and the Hillary Clinton campaign in 2016, and was strongly linked to the Russian government.
According to Ars Technica, the VPN filter malware is "one of the few Internet-of-things infections that can survive a reboot," because a stubborn first stage of infection can use automated remote systems to get their second or second third stage to install or reinstall.
The FBI seizes one of these remote systems, hosted by the threateningly named ToKnowAll.com domain. The attackers may need to use a much more labor-intensive method to re-infect devices after rebooting. The reboot, according to a statement by the US Department of Justice, will help government teams "identify and fix the infection worldwide" by apparently tracking messages sent from infected devices after rebooting.