
WD MyCloud EX2 hit by .Checkmate ransomware
at 15:43 - 27th, February 2023

I've been having trouble finding anything online about this but I think I've gotten to the bottom of it.

First the background of what's going on. In our little office, we have a WD My Cloud EX2 as network attached storage for file sharing inside the office. It worked great! Swappable hard drives, a pretty robust OS with a decent web-based interface, and it had VPN capabilities for remote access. It can even do remote backups and USB backups.

Then the shit started. Someone found a major hole in their security and was able to push ransomware onto the thing. Not a big deal since we do backups, so I just erased things with minimal loss and restored from the last backup. I updated the firmware and thought, that's the last of that. Nope, it happened again about 2 weeks later, then another 2 months later. Then WD updated their firmware and killed remote access to certain devices like our EX2. An annoyance, but we'll just FTP in. Then we were hit again. So now the device is completely closed to the outside world.

After years of use I decided to upgrade the HDD to an SSD, bought a specific NAS-centric SSD and spent the weekend transferring files. I was able to copy all user config from the old hard drive to the new setup with 2 clicks, but had to recreate all shares from scratch and upload data onto the SSD in the appropriate shares. Time consuming but not the end of the world. Everything worked, I brought the EX2 back to the office, and this morning, ransomware again.

It's always the same bloody ransomware with the same bloody message. Something called .checkmate. All it does is encrypt all the files on the share with a .checkmate extension, and you cannot access them unless you pay the 15000US of bitcoin. I don't deal with terrorists so fuck that.

I think I know how the ransomware got on, but am not 100% certain. I think it got on through someone's computer, not a backdoor or hacking of the EX2 itself. The .checkmate only affects certain shares, which leads me to believe it was from a specific user's account. I don't think he ever set up his account or used a weak password and that's pretty much how they got in. I can't prove this though, just speculation. The other idea is that it's infected the OS of the EX2 and that's how it keeps showing up. But the problem with that is, why not infect the entire drive, meaning all the shares?

All I know is that I've had to spend my morning copying information back and forth for a 3rd time in 3 days. To remedy the situation, I'm erasing the specific shares, copying said info back, and will update the antivirus or at worst reformat the offending user's PC and see if that makes a difference.

I thought all of this was noteworthy because I haven't really been able to find anything that helps online, so maybe someone out there will read this and know what to do in the future.
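The share-to-account reasoning in the post (only certain shares were encrypted, so look for the account whose access matches them) can be scripted. This is an added example, not code from the original post: it assumes the NAS shares are mounted under one directory, and the function names, account names and write-access map are all constructed for illustration.

```python
import os

ENCRYPTED_SUFFIX = ".checkmate"  # extension named in the post

# Constructed sample: shares each NAS account can write to (copy real values from the NAS settings).
SAMPLE_WRITE_ACCESS = {
    "alice": {"Projects", "Scans"},
    "bob": {"Accounting", "Projects"},
    "admin": {"Accounting", "Projects", "Scans"},
}


def affected_shares(nas_root):
    """Return {share: number of *.checkmate files} for each top-level share."""
    hits = {}
    for share in sorted(os.listdir(nas_root)):
        share_path = os.path.join(nas_root, share)
        if not os.path.isdir(share_path):
            continue
        count = sum(
            name.lower().endswith(ENCRYPTED_SUFFIX)
            for _dir, _subdirs, files in os.walk(share_path)
            for name in files
        )
        if count:
            hits[share] = count
    return hits


def candidate_accounts(write_access, affected):
    """Return [(account, untouched writable shares)] for accounts covering every affected share."""
    affected = set(affected)
    matches = [
        (account, len(shares - affected))
        for account, shares in write_access.items()
        if affected and affected <= shares
    ]
    # Tightest match first: 0 untouched shares means the damage equals that account's reach.
    return sorted(matches, key=lambda m: (m[1], m[0]))


def build_sample_nas(root):
    """Create a constructed share tree under root: two shares hit, one clean."""
    for rel in ("Accounting/ledger.xlsx.checkmate", "Accounting/2022/inv.pdf.checkmate",
                "Projects/plan.docx.checkmate", "Projects/notes.txt", "Scans/scan001.pdf"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
```

An account at the top of the list with zero untouched shares is the first place to reset the password and check the client PC; an admin-level account will always appear in the list, so the ranking matters more than membership.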
News comment 2 | User comment 4939 | 15:45 - 5th, Mar 2023
Hit the nail on the head. Looks like it was my uncle's account on the NAS. It's the only account that had access to everything that was affected. He's going to reformat his PC and we'll see what happens.

News comment 3 | User comment 4939 | 15:47 - 5th, Mar 2023
I've restricted his access for now. Hopefully it won't happen again. The really interesting thing though is that his PC was off during these times, so I'm wondering if the NAS has been permanently infected with something, and if that's the case, have the backups as well? I can't find a way to reformat the NAS itself since it has an onboard OS that I don't really have access to aside from resetting to factory defaults.
Who knows, might be time to bite the bullet and get something beefier?

News comment 4 | User comment 1346 | 6:31 - 6th, Mar 2023
I don't know the WD products at all. The Synology NASes are pretty solid, we use these at work, and they have built-in anti-virus. QNAP are pretty good as well. Won't necessarily stop this from happening again however, ransomware is pretty nasty stuff.
News comment 1 | User comment 1346 | 9:28 - 1st, Mar 2023
Windows users (especially with admin rights) should be restricted to only people who know what they're doing