Cyber Criminals Hacking Into Western NAS Drives

Deyan G.
Deyan G.

Updated · Feb 21, 2022

SHARE:

Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

In a June 24th, 2021 blog post, Western Digital announced that a remote command vulnerability had struck My Book Live Duo and My Book Drives. Users had already reported that attackers had done a factory reset to some of their devices.

Log File Review

Clients have since sent in files for evaluation by the data storage firm and hard disk manufacturer. The company discovered that the criminals used various IP addresses from different countries to connect to the drives. 

The hackers also installed trojans with the file name “.nttpd,1-ppc-be-t1-z”. They are in the form of Linux ELF binary, the same architecture that WD uses for My Book Live Duo and My Book Live.

Analysis

The organization claims that it hasn’t found any evidence of server updates or credential compromisation, although investigations are still underway. It, however, thinks that port scanning could have led to exposure via port forwarding. 

The post reveals that although some clients have found ways to recover files, Western Digital is still analyzing their effectiveness. 

The firm also assures My Cloud Home and My Cloud OS 5 series users that they both use a different security architecture. Therefore, they’re not prone to the current attack.

During this fiasco, the Western hasn’t offered a solution. That is probably because its last firmware update was in 2015.

Way Forward

Users should confirm if hackers deleted their data by logging into their accounts. “Invalid password” will indicate that someone already wiped off the data. If the credentials go through, they should instantly disconnect their drive from the internet to avoid the attack. 

The next step is to use the ethernet cable to connect to the NAS drive and computer. The final action is to restart the computer and contact Western Drive's support if any issues arise.  

There’s a new attack somewhere on the internet every 39 seconds. With cyber-attacks becoming commonplace in 2021, it's crucial that organizations protect their data using encryption and antivirus software. 

SHARE:

Deyan G.

Deyan G.

Techjury.net's manager. Deyan has been fascinated by technology his whole life. From the first Tetris game all the way to Falcon Heavy. Working for TechJury is like a dream come true, combining both his passions – writing and technology. In his free time (which is pretty scarce, thanks to his three kids), Deyan enjoys traveling and exploring new places. Always with a few chargers and a couple of gadgets in the backpack. He makes mean dizzying Island Paradise cocktails too.

Leave your comment

Your email address will not be published.