Which further highlights why one should be able to disable or set to private the main default Public Share folder. Its something several of us have complained about for more than a year and so far ignored by WD. One would have to use SSH to change the config files to hid the main Public Share.
I have the MCM Gen 2 and the Anti-Virus Essentials has to be side loaded from a unpublished link. In my case the install fails. Those with the devices capable should install the ClamAV as a added defense.
I need to restrict my public share to read only too since my children may not be aware of what they are doing. Minecraft and Roblox download launchers are vulnerable to being spoofed when Google searching.
Yeah the side loading while it may work for certain My Cloud units may end up dragging down the My Cloud to the point its unusable per the comments in that thread.
For those interested in changing the main Public Share to private or read only:
https://community.wd.com/t/public-share-public-access-on/96854
https://community.wd.com/t/removing-public-share-wd-mycloud/137086
1 Like
I donât know how the laptop just by connecting to home wi-fi could spread Ransomware to whole MyCloud both public than private. He just connected to wi-fi in order to use internet and didnât even try to connect to cloud.
Hard drive on PC is perfectly fine and Norton cannot find a single threat (I wonder if PC had been ON then Antivirus could have done its job and stop the attack?)
Tomorrow I should receive a call from WD technician in order to try to assess causes of disaster (check log etc) and see if thereâs a way to recover files. And I donât think I have ever done a back up unfortunatelyâŠ
Iâd really like to know the outcome of your issue. I have some additional questions for you.
- Do you have âCloud Accessâ enabled?
- Do you use the default admin account for your account or did you setup a user account for you?
- How many named users have access to your MC device?
- How many shares do you have? Are any of those shares publicly accessible? If so, do they have read-only or read-write permissions?
- Have you performed a backup of your data previously? If so, is the drive currently connected? If so, was it compromised?
Actually I have another questionâŠ
What ports do you have open to the internet on your router?
It will sit dormant on his machine until it is connected to a network. The virus will then interrogate devices on the network, finding disk surfaces that are writeable, and machines it can run on. It may have subverted any other machine on your network that has write access to your MyCloud.
Viruses are written by people who know their stuff, who know about how networks work, and the common vulnerabilities and how to exploit them. They are cleverâŠ
Alternatively, as others are alluding to, it may be an external attack, coincidental with your friend.
That is why I lead off with my number 1. Since I disabled âCloud Accessâ my router does not have traffic hitting the MC device. Iâve stated previously port 80 should not be used to transfer our content. Too easy to grab traffic over the unsecure connection over the Internet.
Port 80 and 443 are open. I cannot config ports on my router but just set up level of security of antivirus. None of my devices is associated to a game or service
Let me come back to you on your questions ASAP. Thank you for your interest
Port 80 and 443 are open on what? The My Cloud? You should be able to enable and configure port forwarding on your router through the routerâs administration screen/page. Most routers have the option to setup port forwarding.
If you are not using remote access, simply turn off Remote Access within the My Cloud Dashboard. If not using FTP, turn FTP off as well through the My Cloud Dashboard.
Everything was poorly configurated:
Do you have âCloud Accessâ enabled? â yest it was enable for few devices
Do you use the default admin account for your account or did you setup a user account for you? â I used default admin account from different devices
How many named users have access to your MC device? â There were about 4/5 devices set up with a code
How many shares do you have? Are any of those shares publicly accessible? If so, do they have read-only or read-write permissions? â 4 shares (public, smart, timemachine and A://) and they all had read write permissions for every device
Have you performed a backup of your data previously? If so, is the drive currently connected? If so, was it compromised? â No back up ever made and nothing available from safepoints menu 
I hope this helpsâŠ
Port 80 and 443 were open to internet. I donât think home network devices such as TV, Iphone, Cloud were open to public IP adresses or allowed to be initiated from internet⊠So it says on router settings interface
Users and Devices are different things. A User has an âaccountâ on the MyCloud, and can register a number of remote access Devices.
From what you are saying, it sounds like you have only a single User (Admin), and all the shares you have created are either Public, or are accessible to Admin. In the former case, everything is visible to any device on the network.
Im afraid you have lost everything. The MyCloud can be recovered, by doing a Full Factory ReĂtore, which will wipe and overwrite all the disk space, which should remove any trace of the ransomware.
But your data is lost. Just like it would be if the hard disk failed.
The lessons are twofold (at least):
- always do backups, preferably to a disk that is removable
- make all data Private, and add strong password protection to the user account
- if you must make data Public, make it read-only.
Way up in this thread I gave links to Norton info about ransom ware and some ways to try to get rid of it. One link suggested using Nortonâs FREE Power Eraser program. Did you even try using it to see if it helped?
At present I have used McAfee antivirus to scan my PC (which was clean) and Cloud (about 1500 threats) to clean my home network. Iphones, TV, printer etc⊠cannot be scanned by antivirus but I presume they are fine. The laptop which I suspect created the problem has been switched off since and no rush to turn it on again
On a positive note, yesterday I spent one hour and half over the phone with WD engineer and he connected remotely and checked what happened to Cloud. I donât know what he did exactly as it was getting too complicated to me but he seems surprised to see that Ransomware managed to change settings on accesses or authorizations ⊠He reverted everything back and did a factory restore and managed to open the files but he said they looked damaged (as opposed to encrypt)âŠ
He couldnât do whatever he intended to do and he said he will âescalateâ the case and they would come back to me this week to do something else.
Itâs good and reassuring to see how seriously and professionally they are considering these issues! Well done WD!!
Iâll see if engineer or anyone from WD can comment on this thread and explain a bit
Well, I did not say use Norton anti-virus or their current program Norton Security. I suggested you run Power Eraser. A stand alone free program anyone can use to do deep cleaning to look for rootkits and other nasty things like ransom ware. Once again this is the link: It costs you nothing to run this easy program:
OK Iâll give it a try and I ll keep you posted
