In a June 24th, 2021 blog post, Western Digital announced that a remote command execution vulnerability was being exploited against My Book Live and My Book Live Duo drives. Users had already reported that attackers had factory-reset some of their devices.
Log File Review
Customers have since sent log files to the data storage firm and hard disk manufacturer for evaluation. The company found that the attackers connected to the drives from a variety of IP addresses in different countries.
The attackers also installed a trojan with the file name “.nttpd,1-ppc-be-t1-z”. It is a Linux ELF binary built for the same architecture that WD uses in the My Book Live and My Book Live Duo.
The company states that it has found no evidence of a compromise of its update servers or credentials, although the investigation is still underway. It does, however, suspect that drives exposed to the internet through port forwarding were found by port scanning.
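The file name quoted above is the one indicator the post gives, and because it begins with a dot a plain directory listing on the drive will not show it. The following Python script is an added example, not Western Digital's code or anything from the post: it walks a mounted share, reports every file with that name, and checks whether each hit really is an ELF binary by reading the header. The architecture label it derives from the ELF `e_machine` field, the sample directory tree and the fake header written into it are all constructed for the demonstration; the post itself only says the binary matches the drive's architecture.

```python
"""Look for the trojan file name reported by Western Digital on a mounted My Book
Live share and confirm whether each hit is a Linux ELF binary. The sample tree is
constructed in a temporary directory so the script runs offline."""
import os
import struct
import tempfile
from pathlib import Path

# Indicator quoted in the Western Digital post (the trojan's file name).
IOC_FILENAME = ".nttpd,1-ppc-be-t1-z"
ELF_MAGIC = b"\x7fELF"

# ELF e_machine values from the ELF specification, used only to label a hit.
EM_NAMES = {3: "x86", 20: "PowerPC", 40: "ARM", 62: "x86-64"}


def elf_machine(path: Path):
    """Return (is_elf, machine_name) for a file.

    Reads the first 20 bytes of the ELF header: byte 5 (EI_DATA) gives the
    byte order and bytes 18-19 hold e_machine."""
    try:
        with path.open("rb") as fh:
            hdr = fh.read(20)
    except OSError:
        return False, None
    if len(hdr) < 20 or hdr[:4] != ELF_MAGIC:
        return False, None
    endian = "<" if hdr[5] == 1 else ">"
    (machine,) = struct.unpack(endian + "H", hdr[18:20])
    return True, EM_NAMES.get(machine, f"unknown(0x{machine:x})")


def scan_for_ioc(root) -> list:
    """Walk `root` (assumed to be the mounted drive) and report every file whose
    name matches the indicator, with an ELF check so a stray text file with the
    same name is not mistaken for the trojan."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name != IOC_FILENAME:
                continue
            path = Path(dirpath) / name
            is_elf, machine = elf_machine(path)
            findings.append({
                "path": str(path),
                "is_elf": is_elf,
                "machine": machine,
                "verdict": "likely trojan" if is_elf else "name match only",
            })
    return findings


def build_sample_tree(root) -> None:
    """Constructed test data, not real malware: a fake big-endian PowerPC ELF
    header carrying the IOC name, a text file with the IOC name, and a benign
    file that must not be reported."""
    root = Path(root)
    (root / "shares" / "Public").mkdir(parents=True)
    (root / "tmp").mkdir()
    hdr = bytearray(64)
    hdr[:4] = ELF_MAGIC
    hdr[4] = 1                            # ELFCLASS32
    hdr[5] = 2                            # ELFDATA2MSB (big-endian)
    hdr[18:20] = struct.pack(">H", 20)    # e_machine = EM_PPC
    (root / "tmp" / IOC_FILENAME).write_bytes(bytes(hdr))
    (root / "shares" / "Public" / IOC_FILENAME).write_text("just a note")
    (root / "shares" / "Public" / "photo.jpg").write_bytes(b"\xff\xd8\xff")


def demo() -> list:
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_for_ioc(tmp)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Against a real drive you would point `scan_for_ioc` at the mount point of the share after disconnecting the device from the internet; a hit with `is_elf` set is the case the post describes, while a name-only match is worth a look but is not by itself evidence of compromise.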
The post notes that although some customers have found ways to recover their files, Western Digital is still evaluating how effective those methods are.
The firm also assures owners of My Cloud Home and My Cloud OS 5 series devices that those products use a different security architecture and are not affected by this attack.
So far, Western Digital has not offered a fix. That is likely because the last firmware update for these drives was released in 2015.
Users can check whether attackers wiped their data by logging in to the drive. An “Invalid password” error indicates that the device has already been reset. If the login succeeds, they should immediately disconnect the drive from the internet to prevent the attack.
The next step is to connect the NAS drive directly to a computer with an Ethernet cable. Finally, restart the computer and contact Western Digital’s support if any issues arise.
There’s a new attack somewhere on the internet every 39 seconds. With cyber-attacks becoming commonplace in 2021, it is crucial that organizations protect their data with encryption and antivirus software.