Some users hit by the attack are concerned that Western Digital’s servers were hacked so a threat actor could end a factory reset command.
If a threat actor was using ransomware to wipe devices the company should have gotten ransom notes or other threats. The factory reset indicates these malicious and destructive hackers. And there is speculation that the attack was not for profit.
Western Digital believes the attack was caused by malware that compromised the system using an unpatched vulnerability. The company hasn’t explained how the attack infiltrated the servers. The investigation is ongoing.
Western Digital is urgently asking all users to disconnect the My Book NAS device from the internet now.
“At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device,” Western Digital said in an advisory.
Western Digital statement
“Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available.”-Western Digital
