Someone Erases Data from WD My Book Live and Manufacturer Advises Unplugging Devices

Written by Emma Davis

Western Digital NAS owners worldwide complain that all files have been deleted from their WD My Book Live devices, and they can no longer log in through a browser or app, receiving an “Invalid Password” error. Trying to use the default password (admin) doesn’t help either.

Some victims write that, judging by the logs, their devices received a remote command to reset to factory settings.

“I found this in the user.log of my drive:

Jun 23 15:14:05 My BookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 My BookLive shutdown[24582]: shutting down for system reboot
Jun 23 16:02:26 My BookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 My BookLive _: pkg: wd-nas
Jun 23 16:02:30 My BookLive _: pkg: networking-general
Jun 23 16:02:30 My BookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 My BookLive _: pkg: date-time
Jun 23 16:02:31 My BookLive _: pkg: alerts
Jun 23 16:02:31 My BookLive logger: hostname=My BookLive
Jun 23 16:02:32 My BookLive _: pkg: admin-rest-api

It seems that this is the reason for what happened … At that time, no one was at home to use this drive,” writes one of the victims.
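
As an added example (not from the original article, the victim's post, or Western Digital), the Python code below scans a user.log for the pattern visible in the excerpt above: a factoryRestore.sh run, a shutdown close behind it, and the next S15mountDataVolume.sh start. Treating S15mountDataVolume.sh as the boot marker, the 60-second window, and the placeholder year are assumptions.

```python
import re
from datetime import datetime

# Subset of the log lines quoted in the article, copied verbatim.
SAMPLE_LOG = """\
Jun 23 15:14:05 My BookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 My BookLive shutdown[24582]: shutting down for system reboot
Jun 23 16:02:26 My BookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 My BookLive _: pkg: wd-nas
Jun 23 16:02:31 My BookLive logger: hostname=My BookLive
Jun 23 16:02:32 My BookLive _: pkg: admin-rest-api
"""

TS_RE = re.compile(r"^([A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (.*)$")
# The hostname in the excerpt contains a space, so locate the first
# "tag: " or "tag[pid]: " token instead of splitting on whitespace.
TAG_RE = re.compile(r"([\w.\-]+)(?:\[\d+\])?: (.*)$")


def parse(log_text, year):
    """Yield (timestamp, tag, message); syslog lines carry no year."""
    for line in log_text.splitlines():
        m = TS_RE.match(line)
        t = TAG_RE.search(m.group(2)) if m else None
        if t:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, t.group(1), t.group(2)


def find_factory_resets(log_text, year=2000, reboot_window_s=60):
    """Report each factoryRestore.sh run; year=2000 is a placeholder."""
    events = list(parse(log_text, year))
    resets = []
    for i, (ts, tag, msg) in enumerate(events):
        if tag != "factoryRestore.sh" or not msg.startswith("begin script"):
            continue
        later = events[i + 1:]
        rebooted = any(g == "shutdown" and (s - ts).total_seconds() <= reboot_window_s
                       for s, g, _ in later)
        # Assumption: the data-volume mount script marks the next boot.
        boot = next((s for s, g, m in later
                     if g == "S15mountDataVolume.sh" and m.endswith("start")), None)
        pkgs = [m[5:] for s, g, m in later if boot and s >= boot and m.startswith("pkg: ")]
        resets.append({"started": ts, "reboot_followed": rebooted,
                       "seconds_until_next_boot": (boot - ts).total_seconds() if boot else None,
                       "pkg_lines_after_boot": pkgs})
    return resets
```

A reset entry timestamped when nobody was using the drive, as the victim describes, is the signal to pull the device off the network and preserve the log before any recovery attempt.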

Many users fear that their devices have been compromised and that an attacker has sent a mass reset command to the NAS devices. But in that case, it is strange that the attackers left no ransom notes or other threats, and instead carried out a destructive and senseless attack.

Some victims report that they were able to recover some files using the PhotoRec tool. But, unfortunately, this method did not help everyone.

Western Digital has already issued a warning advising all owners of My Book Live and My Book Live Duo devices to urgently disconnect them from the Internet while the company’s engineers investigate the issue.

“Western Digital has determined that some My Book Live devices have been compromised by malware. In some cases, this compromise has resulted in a factory reset, which appears to erase all data on the device.

My Book Live devices received the latest firmware update in 2015. We understand that our customer data is very important. We currently recommend that you disconnect your My Book Live from the Internet to protect your data. We are investigating and will update this thread as new data becomes available,” the company representatives write.

Western Digital engineers also told the media that, in their opinion, the devices were compromised through a certain vulnerability, since they were directly connected to the Internet.

Interestingly, the last firmware update for WD My Book Live was released in 2015, and the critical bug CVE-2018-18472, for which an exploit immediately appeared, was discovered after that.

Let me remind you that I also wrote about how attackers use a three-year-old RCE bug to install backdoors in Qnap NAS.
