Ransomware got to my WD MyCloud Drive!

My Cloud OS 3 Personal & Network Attached Storage My Cloud
#1

Not sure where or how my system got compromised. At this point it is moot. The end result was that my computer was totally encrypted, as well as all the backup files on MyCloud. I was using continuous backup, and I assume that as each file on my computer was encrypted, MyCloud saw the file updated and backed it up.

It’s evident that any drive that is mapped to the system is at risk. What I am unable to find is any information on how to overcome this huge, basic deficiency in backup software…especially Smartware Pro!

How to make a MyCloud device invisible to Windows
#2

So, have you received an actual ransom payment request to get your device un-encrypted, so that you know beyond any doubt that it is actual ransomware and not something else?

#3

Any hard drive connected to the infected PC is at risk, and any mapped drive NOT just the My Cloud or Smartware program is at risk.

It is not a huge deficiency in backup software, its how PC’s and software work. Its why one must ensure they stop threats at the edge of their network and not after the network is already infected. This includes safe surfing habits and running up to date anti virus/security software and running scans often.

There are some more expensive NAS boxes, including some of the My Cloud line that have virus/malware scanning modules that can scan data. However that won’t prevent certain types of infections. AV and malware scanning programs will only catch what they’re programmed to catch.

About the only way to stop such an infection is to NOT map the My Cloud to the computer, to set all Shares on the My Cloud to Private, do not store any data in the Public Share, and to NOT save the login credentials to access those private Shares.

Generally nothing will prevent a backup program from backing up an infected PC unless that backup program scans the data for malware/viruses prior to backing it up. Once an infected PC is backed up there isn’t much you can do with the backup set other than destroy it. The only way to ensure one is 100% clean from an infection is to wipe the hard drive and reinstall the OS and any programs from original media. There is always a chance the backup set could contain the infection and one could simply reinfect their PC after restoring it from original media.