Nyton infection

My WD Mycloud has been breached somehow and everything infected with Nyton ransomware virus (and txt file with supposed ransom fee to unlock). I’m running Macs/Apple devices only in the house, no PC, any solutions available?

Same here. Running the latest available FW from the administration GUI - WDMyCloud v04.05.00-342. Other devices on the network were not affected by Nyton.

Best solution when any hard drive contents is infected is to whipe the My Cloud hard drive and restore from a uninfected backup (Safepoint / Backup).

Even if you follow the directions of the malware to remove it, there always exists the possibility that it is still lurking hidden on the hard drive among the data or firmware files.

Now is a good time to ensure you don’t have any security holes in your local network. Make sure the local network router is up to date with the latest firmware and security updates. Make sure all local computers are running the latest updates. Install a antivirus/malware scanner and scan all local computers and other devices on the local network. Make sure, if using a wireless router, that one has ALL wifi networks encrypted with WPA2 and are using strong passwords. All WiFi and computer passwords (including the My Cloud passwords) should be changed immediately to strong passwords. Disable all guest networks. Make sure only your devices are connected to the local network.

There are many other steps to take but these are the starting point.

1 Like

I’m just curious here: Would a Quick restore be enough or would it require a Full restore (low level format)?

The problem with any infection by ransomware/malware/virus is where it is being stored and how it’s infecting the device. In certain cases if the operating system or firmware is vulnerable the bad program could hide in the operating system/firmware and be immune to deleting user data (ie a Quick Restore or Full Restore) and resetting the OS/firmware to default settings. Then of course comes the backup data if any. Is that too infected? If so all one will be doing is re-infecting their system after spending a significant amount of time trying to get rid of the bad program and restoring user files.

Often the suggestion is to completely erase all content on the hard drive and start from scratch if one was dealing with a computer. To do something similar with the single bay My Cloud would require one to basically perform an Unbrick procedure that includes reformatting all partitions and reloading the firmware.

One suggestion if going the Quick Restore route and one has a Safepoint / Backup copy of the recent My Cloud data is to attach the USB hard drive containing that Safepoint / Backup to a computer that has malware/antivirus scanner(s) installed and scan the USB drive in it’s entirety to ensure it’s not infected. Of course by attaching a USB drive that is already infected to a computer one is risking the computer becoming infected.

Edit to add: None of this of course helps if one doesn’t know how they got infected in the first place. If one has shared their My Cloud access (including the insecure FTP access) with others through local or remote access it’s entirely possible that other person has infected the My Cloud inadvertently after they themselves were infected.

1 Like

Thank you Bennor. Luckily I have a clean Safepoint (only about 2 weeks old, yay!) on a WD Passport device that was not infected. I’m currently into Hour 27 of Factory Reset of MyCloud and will wait until that finally finishes before implementing the actions you suggest and restoring. I have scanned the Safepoint backup data and computers in the house - all is OK it seems. Will update.