Recently, we did a blog post about QNAP devices and a few ransomware variants that target those systems specifically. They only target those that are exposed to the internet and had certain settings enabled that allowed remote access. However, a recent one discovered for the MyBook Live series from Western Digital erases your data completely. Please note, this does not cause issues with the MyCloud series.
If you have one of these drives, immediately unplug it from the internet and from power. The issue is that there is a remotely accessible bug that causes the attacker to be able to perform a hard reset on your device and wipe all of your data without the password and without any authentication. Once this has been done, all the end user would see is the standard folders that appear with a new drive.
The MyBook Live devices last had a firmware update in 2015, so there is not any way to defeat or stop this attack short of disconnecting the drives. And that is precisely what Western Digital is requesting. Typically, these are stored behind a firewall and are not accessible through standard access, but this issue seems to bypass those protections.
There does not seem to currently be any ransom demands or any reasoning behind the attack, other than simple maliciousness.
Western digital will be offering data recovery services to those that are affected by this beginning in July. They are also offering discounted pricing on the MyCloud series of drives that are not affected by this issue.
Please be safe, and maintain multiple backups of all data. This way, if something happens you can recover from it.
Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, Cyber Security, IT Service, IT Security MAC repair, PC Repair, Virus Removal, and much more. Give us a call for remote support or drop in to drop off.