Ransomware solutions

msalsinha · August 25, 2021, 10:32am

I recently suffered a RANSOMWARE attack (0xxx), I had not made any backups and I lost all my files.

From what I’ve read on various forums, “My cloud” offers a lot of vulnerabilities and “Anti-Virus essentials” isn’t very effective.

Can anyone recommend a good anti-virus and anti-malware?

My NAS is DL2100 with OS5.

Neha_07 · August 30, 2021, 4:27am

Hi @msalsinha,

Anti-Virus Essentials is an antivirus application that is available for app-ready My Cloud devices. The applications helps users protect data from virus and malware by scanning the My Cloud system as well as files and folders. For assistance installing and using Anti-Virus Essentials, please see the information below:

Link: My Cloud: Installing and Using the Anti-Virus Essentials App

JoeySmyth · August 30, 2021, 8:12am

I can highly recommend keeping offline backups of everything because even the BEST anti-virus and anit-malware is not a 100% Guarantee you won’t get infected.

eloj · August 31, 2021, 9:41am

How did you remove the 0xxx virus execution code from your NAS?
Or, how are you sure that the virus program has been deleted?

I also had Public files encrypted in July 2021 (only public, other shares are okay) and suspect that the virus was introduced by a WD firmware update, so under WD responsibility. Very insecure perspectives for the future of My Cloud 5 NAS!

Ian66 · August 31, 2021, 8:34pm

Hi just in the process of wiping my WD mirror as been hit as well. I do have a monthly back up but unsure how to check it is clean as does doing a factory reset also make sure it is fully clean?

NAS_user · September 1, 2021, 12:29pm

Factory reset will NOT scrub a virus.

user data generally not affected by 4 and 40 second resets.
O/S won’t be reloaded with a factory reset.

If you really want to scrub a virus you need to;

Run a virus checker you trust on the drive. (not sure where to get one for a WD Linux box)
OR wipe the drive of data AND reload the operating system
- Reloading operating system will have the same steps as a Reversion from OS5 to OS3. . .(just a matter of what O/S you chose to reload the system with after you wipe the primary O/S) . .pretty sure it works on older systems with Rev 1 Rescue firmware. Jury out with the newest units that have Rev 2 Rescue firmware.

msalsinha · September 1, 2021, 5:16pm

@Neha_07 I had Anti-Virus Essentials installed and it didn’t do any good.

Furthermore, I suspect the attack occurred in an Anti-Virus Essentials update.

msalsinha · September 1, 2021, 5:20pm

@JoeySmyth of course! And I agree that I should make backups, but I still need a better and more efficient antivirus than Anti-Virus essentials.

msalsinha · September 1, 2021, 5:26pm

@eloj I’m not sure if the virus was completely cleaned!
But I ran Anti-Virus essentials on my cloud OS5 and malwarebytes on my pc and at least it stopped with the encryption

msalsinha · September 1, 2021, 5:30pm

I heard about CLAMAV which is an open source antivirus, but I don’t know how to install it!
Can anybody help me??