After several Western Digital My Book Live NAS owners around the world noticed that their devices had been mysteriously wiped clean overnight, Western Digital declared that the devices might have been targeted with malicious software.

Western Digital has made a few popular My Book external storage solutions, but the My Book Live became popular for one unique feature: it connected directly to a router through an Ethernet cable, enabling users to access data on the drive remotely.

Of course, that also comes with a higher risk of getting attacked, which may be what happened in this case.

Some users report on Western Digital Community Forums that their devices seem to have been factory reset, while others state they are seeing a page asking for a password they don’t know.

Password no longer working in My Book Live


Here are some of the WD My Book owner posts:

I have a WD My Book live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seem there but empty. Previously the 2T volume was almost full but now it shows full capacity.

The even stranger thing is that when I try to log into the control UI for diagnosis, I was only able to get to this landing page with an input box for “owner password”. I have tried the default password “admin” and also what I could set for it, with no luck.


Another user said that they found the following entries in the user.log of their drive:

“Jun 23 15:14:05 MyBookLive begin script:

Jun 23 15:14:05 MyBookLive shutdown[24582]: shutting down for system reboot

Jun 23 16:02:26 MyBookLive begin script: start

Jun 23 16:02:29 MyBookLive _: pkg: wd-nas

Jun 23 16:02:30 MyBookLive _: pkg: networking-general

Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav

Jun 23 16:02:31 MyBookLive _: pkg: date-time

Jun 23 16:02:31 MyBookLive _: pkg: alerts

Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive

Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api”

Unlike QNAP devices, which are frequently connected to the Internet and therefore vulnerable to attacks such as the Qlocker ransomware, Western Digital My Book devices sit behind a firewall and communicate through the My Book Live cloud servers to offer remote access.

It is obvious that the attacker’s intention was to cause damage as nobody has reported any ransom requests yet.

However, Western Digital didn’t reveal who might be responsible for distributing the software, or whether the organization itself has been compromised by a cyberattack.

All Western Digital My Book NAS device owners are urged to disconnect their devices from the network until more details about the incident are revealed.
