![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Scream And Fly
Gawd
- Joined
- Nov 27, 2005
- Messages
- 821
There is a remote execution attack that’s wiping those NAS drives completely. Evidently WD knew about this vulnerability for years and never patched it.
It happened to my MyBook Live Duo RAID1 NAS two days ago, when it seems this attack struck worldwide around that time. I went to access some files on my NAS, and everything was gone. I just had a message indicating that the drive was restored to its factory configuration. I did not have cloud remote access enabled and I thought that prevented the drive from accessing the internet, but I guess not. None of my computers or devices on my network was compromised. Fortunately my data is all backed up, but restoring 2TB is going to be a PITA.
Info here:
https://community.wd.com/t/help-all-data-in-mybook-live-gone-and-owner-password-unknown/268111/79
If you have one of these drives on your home network, I would disconnect it from the internet immediately.
It happened to my MyBook Live Duo RAID1 NAS two days ago, when it seems this attack struck worldwide around that time. I went to access some files on my NAS, and everything was gone. I just had a message indicating that the drive was restored to its factory configuration. I did not have cloud remote access enabled and I thought that prevented the drive from accessing the internet, but I guess not. None of my computers or devices on my network was compromised. Fortunately my data is all backed up, but restoring 2TB is going to be a PITA.
Info here:
https://community.wd.com/t/help-all-data-in-mybook-live-gone-and-owner-password-unknown/268111/79
If you have one of these drives on your home network, I would disconnect it from the internet immediately.