WD My Book NAS devices are being remotely wiped clean worldwide

Users have reported their Western Digital (WD) My Book Live devices have been remotely wiped by a malicious actor. WD recommends user immediately disconnect their devices from the Internet. I would add, be sure you have an offline backup.

LINK: WD My Book NAS devices are being remotely wiped clean worldwide (bleepingcomputer.com)

LINK: “I’m totally screwed.” WD My Book Live users wake up to find their data deleted | Ars Technica

As the SANS Handlers commented:

"My Book Network-Attached Storage Devices are Being Remotely Wiped

(June 24, 2021)

"Users of Western Digital My Book network-attached storage (NAS) devices have been reporting that their devices received a remote factory reset command and that their files have been deleted. Western digital is urging users to disconnect their devices from the Internet while the issue is investigated.

"Editor's Note

"[Ullrich]

I will say it yet again: DO NOT EXPOSE NETWORK ATTACHED STORAGE TO THE INTERNET. This is not just a problem with Western Digital. All of these devices have had numerous vulnerabilities. These devices are marketed for simple Internet file sharing, but their rich history of vulnerabilities shows how they should never be used for anything other than internal file sharing.

"[Williams]

Unfortunately, users almost certainly connected these devices directly to the Internet. But we can't blame users for this. They paid a premium for hardware that promised to provide a service. Western Digital suspended the program in 2015, leaving users who wanted to continue to use the devices as advertised with little choice but to expose the devices. Users unwittingly gravitated to the availability leg of the CIA triad (probably without even realizing said triad exists).

"[Murray]

“Remote factory reset command” – what could possibly go wrong? could possibly go wrong? Network-Attached Storage devices should be on a network segment that is not visible to the Internet."

Yes, indeed, "What could possible go wrong?"

From what I have read, avoiding this problem would not require fully isolating the drive from the network. The problem arose when users took advantage of a WD option to make the drive directly accessible remotely. Most external HDs don't have this functionality, and from what I've read, turning this functionality off resolves the problem.

Most HDs are no more vulnerable than the internal drive(s) in the computer, AFAIK.

My strategy is to have a separate local mirror and cloud-based backup. If I want to access my files remotely, I have to take the external drive with me.