Nyton Ransomware on PR2100

Hello all,

I got hit by a ransomware on my PR2100. All the files were crypted and show now a .nyton extension.

Some txt file with instruction to decrypt them ask for 1200$ on a bitcoin account.

Any of you got hit too?

I’m afraid I lost all my data, but I want to prevent any future attack of this kind if I reset my NAS.

I’ve been wondering or somewhat worried about this for some time. I considered posting something on how to secure your NAS or ask how best to use proper security hygiene. I’m not a power user at all; instead, I’m a user that is aware of these issues that are affecting NASs right now. QNAP only until I read this morning.

Can someone please post some robust rules to follow to prevent this? I have a solid username and long password. I’ve turned of cloud access and use mine only for Plex and Time Machine backups. I have backups of everything on an external drive in a fire safe.

I’m sorry you got hit like this…

WD you folks should be posting something on this to preserve your brand identity. Which isn’t great in my eyes to begin with…my PR4100 STILL doesn’t restart after updates or being requested. How can something like to take so long to fix?

@kev_inYVR we’ve made available a Beta version of 2.31.195 that fixes the PR Series reboot issue. This fix will also be available in the next production firmware release. https://community.wd.com/t/my-cloud-pr2100-pr4100-2-31-195-beta-firmware-for-reboot-issue

I have also been hit by the .nyton extension which made my PR2100 unusable. It is the third time with in a few months. There must be a hidden backdoor in the system and this NAS drive I dare not use any more until WD has solved this big problem. - So please find a solution!!