Please see the following threads where the possible issue of ransomware attacking the My Cloud has been previously discussed.
https://community.wd.com/t/ransomware-got-to-my-wd-mycloud-drive/158848
https://community.wd.com/t/ransomware-access-to-usb-device/157709
Generally if your computer can access the NAS device (or other network device/computer) then the ransomware can too. Keep in mind that most users when accessing a Private Share on the My Cloud will instruct their computer to remember the My Cloud User name and password. Once that happens (the computer storing the login information) the ransomware will have access to the My Cloud Private Share.
One particular problem (and something that we’ve complained about often) is the fact that while you can set most Shares to Private you CANNOT set the Public Share (in part used by Twonky apparently for media aggregation) to Private. As such there is always at least one Share open to anyone who can access the My Cloud. Use the forum search feature to find discussion on how people have tried to change the main Public Share to either Private or hidden. Here is one such thread.
https://community.wd.com/t/howto-get-rid-of-public-shares-folder-once-and-for-all/96570
The better way to deal with ransomware is to NOT let it infect your PC in the first place. There are a variety of steps one can take to improve their online habits including not opening spam or questionable email files, using ad blocking web browser plug-ins, using other browser plug-ins like No Script, not visiting pornographic or click-bait type sites.
When having a disaster recovery procedure while the My Cloud is a good solution for storage of backed up files, it is also wise to have your important data routinely backed up to external USB hard drives that are NOT always connected to the PC (or My Cloud). This way if one is hit by ransomware it cannot make the jump to the USB drive’s data unless that drive is attached to an infected computer or device.
