WD My Book NAS devices being remotely wiped clean

If you have one, it may be too late, but disconnect it from the internet.

https://www.bleepingcomputer.com/new...ean-worldwide/

Quote:

Western Digital My Book NAS owners worldwide found that their devices have been mysteriously factory reset and all of their files deleted.

[nomadking]

It's official.
WD site

Quote:

Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.

Quote:

Advisory Summary
At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device by following these instructions on our Knowledge Base.
We have heard customer concerns that the current My Cloud OS 5 and My Cloud Home series of devices may be affected. These devices use a newer security architecture and are not affected by the vulnerabilities used in this attack. We recommend that eligible My Cloud OS 3 users upgrade to OS 5 to continue to receive security updates for your device

Link

Quote:

In general, we recommend using Internet-isolated solutions for creating and storing backups of important information. The isolation will prevent you from accessing backups remotely, but it will also prevent anyone else from accessing them remotely.

I could be wrong, but I think that attaching it to something other than the VM superhub might be a solution. I was looking into remotely accessing my WD Cloud NAS setup(24Tb RAID5), where it's connected to a separate router which is then connected to the superhub(not in modem mode). It wasn't going to be straight forward.
Known as Double NAT.

Quote:

Double NAT is when you connect your router behind another router creating two different private networks. For example, connecting your NETGEAR router behind a modem/router provided by your ISP. Double NAT does not prevent your devices access to the internet but may cause problems with playing online games, opening a specific service port, connecting to a VPN tunnel, or visiting secure sites with SSL. Also, the devices connected to the first private network may not be able to communicate to the devices connected to the other private network.

[spiderplant]

This looks genuine. It's also on WD's website:
https://www.westerndigital.com/suppo...-mybookliveduo

I suggest you leave it disconnected (and powered off?) until they publish further info.

[SnoopZ]

Disconnect from the internet or risk losing everything on the drive.

[Hom3r]

I have received an email from WD telling me to disconnect my that NAS drive from my network.


I'm hoping they release some update soon

[Jacquesb]

Latest info from Western Digital :

Western Digital has an important announcement for registered My Book Live or My Book Live Duo customers.

Immediately disconnect your My Book Live device from the Internet to protect your data from ongoing attacks. You can disconnect the device and continue to access your data locally by following these instructions on our Knowledge Base.

Some My Book Live devices connected to the Internet are being compromised by attackers and in some cases, the attackers have triggered a factory reset that appears to erase all data on the device.

We are here to help. Although this product family is no longer sold or supported by Western Digital, we know some of our customers have been impacted and we want to help. If you have lost your data as a result of these attacks, we will provide data recovery services which will be available beginning in July.

We know how important your data is to you and are committed to helping you protect it. We are launching a trade-in program that will allow you to upgrade from your My Book Live to one of our supported My Cloud devices.

We will provide details about how to take advantage of these programs in a separate email.

In case you are concerned about other products and services from Western Digital, our investigation of this incident has not found any evidence that our cloud services, firmware update servers, or customer credentials were compromised. The vulnerabilities being exploited are limited to the My Book Live devices, which were introduced to the market in 2010 and received a final firmware update in 2015. These vulnerabilities do not affect our current My Cloud product family.

The latest information about this incident will be available on our Product Security Portal. If you need any additional help, please contact our Customer Support team.

Very commendable, but let's wait & see.

Very much [reputation] damage limitation, but well done to them anyway.

[roughbeast]

I take it that Western Digital external USB drives attached to my ASUS router are unaffected, and that this problem only affects WD NAS devices.

[Hom3r]

Quote:

Originally Posted by roughbeast

I take it that Western Digital external USB drives attached to my ASUS router are unaffected, and that this problem only affects WD NAS devices.

Yeah ATM.