Update 5.05.118 - security problem?

Last night there was an update to version 5.05.118 which I think fixes quite a few problems compared to version 5.05.115.
But there's a problem: I also find myself with a MARS_DECRYPT ransomware message... all my image and video files are encrypted. Impossible to read them.
Isn't there a security flaw at the time of the firmware update, or more simply on my My Cloud EX2 Ultra?
Does anyone have an idea of the method to use to recover my files (without paying!). What a hassle with this NAS!!!
Note that my PCs are not infected with this malware. My NAS is used to back up my phone and my photos...
The NAS's Antivirus Essential protection is enabled, with an A-Virus DB update dated 15/10.
Thanks in advance for your recommendations.

Friday December 11th at 21h on my WDMycloudEX2Ultra all files (also) got encrypted. The MARS-DECRYPT. My device was brand new (installed this week) and updated to OS5 ( 5.07.118 ). Was in the process of transferring all my files.
Have the impression that also the log screen is hijacked; in Explorer the http://mycloudex2ultra/ gets redirected to something else.
After soft (4 sec) reboot I cannot access the device anymore through http://mycloudex2ultra/
Will try a 40 sec reboot
[update] did the 40 sec reboot poweroff and now the wdmybookex2ultra is no longer visible on the network. ==> I'm lost
I fear all data is lost and I fear the FW is now corrupted. If this is the case then I worry because an external party can gain access to the NAS through its web portal and change software without authorisation with password etc...
Since I was in the process of moving data most can be recovered from the original resources. This will not be the case for most others.
a) Looking for options to completely rebuild the FW and settings from scratch.
***[update] how is now important because there is no option left through the normal interface
b) if this vulnerability exists it is very disturbing.
[update] and also destructive to the device, never pay because your data is already lost, device looks bricked and you will also lose your money

@Bennor, in other posts you are always very knowledgeable and quick in response, please help and redirect if that is an option.


I do not have a WDMycloudEX2Ultra so I cannot comment about how to specifically fix issues on that specific device.

Honestly one has to determine how important recovering encrypted or infected files are when their hard drive or NAS has been hit with malware and ransomware. For some ransomware there may be decrypt programs for it put out for free by major security vendors or security researchers. Otherwise the best thing to do is wipe the entire unit and start from scratch. This includes wiping all user data and reloading (if possible) the My Cloud firmware. That is the only way one can be as close to being sure as possible that the malware or ransomware is gone. Otherwise one always risks the possibility that the malware/ransomware is lurking elsewhere on the unit or other devices.

Of course the obvious solution is to turn off WD’s Remote Access feature in the My Cloud Dashboard and roll your own VPN server setup. That bypasses WD and the MyCloud.com web portal entirely.

After performing a 40 second reset, if the My Cloud cannot be reached by its name, try reaching it using its IP address. A 40 second reset will reset the My Cloud DHCP option back to default, so its IP address along with device name and workgroup name may have changed (back to default settings).


Hi @bennor,
Thanks for your response, I have already accepted I have to look elsewhere to recover the files.
And that I will close off the remote access options as you mention.
Did the 40 sec reboot once more, which took 12 min blue flashing to solid blue LED. Looked for the local IP within my local network (i.e. 192.168.2.xxx)
To discover an IP address totally out of the local range ... (see screen print)

This is the way I want to go, however I cannot even access the device through local IP or [mycloudex2ultra] any more.

If the My Cloud is using an IP address like 169.254.x.x that usually means it is not obtaining an IP address from the local network router. One can try to access the My Cloud using that 169.x.x.x address and see if the My Cloud Dashboard loads in their web browser. Basic troubleshooting steps, if you haven't tried them already: Make sure to connect the My Cloud directly to the local network router if it isn't already. Avoid using network extenders or power line extenders to connect the My Cloud to the local network. Check the network cable and replace if necessary. Try a different network port on the back of the network router.

Edit to add: If you haven’t done so already, see the dedicated subforum for the My Cloud EX2 Series where people more familiar with that device may be able to assist.

Have tried the 169.254.x.x address, with no luck as no My Cloud dashboard responded.
Have reset the My Cloud once more and got solid blue LED. Reset the router to close off the channel for this other IP. Tried several tools to discover the My Cloud's IP on the local network, with no luck. Device is dead now.

Have looked here (and will continue to do so) but unfortunately no answers. :unamused:

Since this model has a removable HDD, a test on a Linux system with gparted was easy to perform. Disk had no partitions (anymore), no valid GPT ... Ran TestDisk to recover the partition structure, came up with a structure that looks logical. I'm now trying a recovery run on the disk to see if any files are there.
Recovery of files I have already given up (have most as originals elsewhere) but want to ensure that no personal data is on the device when I return it.

Device was bought only 2 weeks ago and i will return it as broken.
@bennor Thank you for your time
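The post above describes pulling the drive, finding "no valid GPT" in gparted and letting TestDisk rebuild the partition structure. The check TestDisk starts from is simple enough to show: read the GPT header at LBA 1, verify its signature and CRC32, and if that fails look at the backup header in the last sector of the disk, which a wipe of the start of the drive often leaves intact. The following is an added example written for this thread, not code from TestDisk or from WD. It builds a small constructed disk image (the disk GUID and layout are sample values), validates both headers, and reports whether the table can be restored from the backup or must be reconstructed by signature scanning. Reading a real drive would mean pointing the same checks at the first two and the last sector of a dd image; that part is left out here so the block runs offline.

```python
import struct
import uuid
import zlib

SECTOR = 512
HEADER_SIZE = 92
GPT_SIGNATURE = b"EFI PART"
# Layout of the 92-byte GPT header (UEFI spec), little-endian, no padding.
HEADER_FMT = "<8sIIIIQQQQ16sQIII"
# Constructed sample disk GUID; any value works for this example.
SAMPLE_DISK_GUID = uuid.UUID("1b4e28ba-2fa1-11d2-883f-b9a761bde3fb")


def build_gpt_header(current_lba, backup_lba, entries_lba, last_usable_lba):
    """Build one valid 512-byte GPT header sector (sample data for this example)."""
    fields = [GPT_SIGNATURE, 0x00010000, HEADER_SIZE, 0, 0,
              current_lba, backup_lba, 34, last_usable_lba,
              SAMPLE_DISK_GUID.bytes_le, entries_lba, 128, 128, 0]
    # The header CRC is computed with the CRC field itself set to zero.
    fields[3] = zlib.crc32(struct.pack(HEADER_FMT, *fields)) & 0xFFFFFFFF
    return struct.pack(HEADER_FMT, *fields).ljust(SECTOR, b"\x00")


def check_gpt_header(sector):
    """Validate a GPT header sector: signature, header size, then CRC32 of the header."""
    if len(sector) < HEADER_SIZE:
        return {"valid": False, "reason": "sector too short"}
    f = struct.unpack(HEADER_FMT, sector[:HEADER_SIZE])
    (sig, _rev, hdr_size, stored_crc, _res, cur, backup, first, last,
     guid, pe_lba, pe_count, pe_size, _pe_crc) = f
    if sig != GPT_SIGNATURE:
        return {"valid": False, "reason": "no GPT signature (header missing or wiped)"}
    if hdr_size < HEADER_SIZE or hdr_size > len(sector):
        return {"valid": False, "reason": f"implausible header size {hdr_size}"}
    zeroed = sector[:16] + b"\x00" * 4 + sector[20:hdr_size]
    computed = zlib.crc32(zeroed) & 0xFFFFFFFF
    if computed != stored_crc:
        return {"valid": False,
                "reason": f"header CRC mismatch (stored {stored_crc:#010x}, computed {computed:#010x})"}
    return {"valid": True, "reason": "ok", "current_lba": cur, "backup_lba": backup,
            "first_usable_lba": first, "last_usable_lba": last,
            "disk_guid": str(uuid.UUID(bytes_le=guid)),
            "entries_lba": pe_lba, "entry_count": pe_count, "entry_size": pe_size}


def build_sample_image(total_lbas=64):
    """Constructed tiny disk image: MBR boot signature at LBA 0, primary GPT header at
    LBA 1, backup header in the last sector. Partition entries stay zero; not needed here."""
    img = bytearray(total_lbas * SECTOR)
    img[510:512] = b"\x55\xAA"
    img[SECTOR:2 * SECTOR] = build_gpt_header(1, total_lbas - 1, 2, total_lbas - 34)
    img[(total_lbas - 1) * SECTOR:] = build_gpt_header(total_lbas - 1, 1,
                                                       total_lbas - 33, total_lbas - 34)
    return img


def wipe_sectors(img, start_lba, count):
    """Zero a run of sectors in place (simulates a destroyed partition table)."""
    img[start_lba * SECTOR:(start_lba + count) * SECTOR] = b"\x00" * (count * SECTOR)
    return img


def scan_image(img):
    """Check primary (LBA 1) and backup (last LBA) GPT headers and say what is recoverable."""
    total = len(img) // SECTOR
    primary = check_gpt_header(bytes(img[SECTOR:2 * SECTOR]))
    backup = check_gpt_header(bytes(img[(total - 1) * SECTOR:total * SECTOR]))
    if primary["valid"]:
        verdict = "primary GPT header intact"
    elif backup["valid"]:
        verdict = ("primary GPT header missing or corrupt; backup header at the end of the "
                   "disk is intact, so the partition table can be restored from it")
    else:
        verdict = ("no valid GPT header at either end of the disk; the partition layout must "
                   "be reconstructed by scanning for filesystem signatures")
    return {"primary": primary, "backup": backup, "verdict": verdict}


if __name__ == "__main__":
    disk = build_sample_image()
    print("fresh image:", scan_image(disk)["verdict"])
    wipe_sectors(disk, 0, 34)  # destroy MBR, primary header and primary entry array
    print("after wiping the start of the disk:", scan_image(disk)["verdict"])
```

The verdict strings map onto what the poster saw: gparted reporting "no valid GPT" corresponds to the primary header failing the signature or CRC check, and TestDisk's quick recovery is the "restore from backup header" path; only when both ends of the disk are gone does it fall back to the slower signature scan.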

Side note : This morning I came across:

perhaps similar event this time.

[UPDATE Dec 14th] Was unable to fix the issues, it is now completely dead (red LED). Returned the MyCloudEX2Ultra to supplier (amzone.nl) for full refund.
Will look elsewhere for an alternative. Sorry guys but it is as it is.