WD MyCloud EX2 hit by .Checkmate ransomware
at 15:43 - 27th, February 2023
I've been having trouble finding anything online about this but I think I've gotten to the bottom of it.
First the background of what's going on.
In our little office, we have a WD My Cloud EX2 as network-attached storage for filesharing inside the office. It worked great! Swappable hard drives, pretty robust OS with a decent web-based interface, and it had VPN capabilities for remote access. It can even do remote backups and USB backups.
Then the shit started.
Someone found a major hole in their security and was able to push ransomware onto the thing. Not a big deal since we do backups and just erased things with minimal loss and restored from the last backup. I updated firmware and thought, that's the last of that. Nope, happened again about 2 weeks later, then another 2 months later. Then WD updated their firmware and killed remote access to certain devices like our EX2. An annoyance but we'll just FTP in. Then we were hit again. So now the device is completely closed to the outside world.
After years of use I decided to upgrade the HDD to an SSD, bought a specific NAS-centric SSD and spent the weekend transferring files. I was able to copy all user config from the old hard drive to the new setup with 2 clicks but had to recreate all shares from scratch and upload data onto the SSD in the appropriate shares. Time consuming but not the end of the world.
Everything worked, and I brought the EX2 back to the office, and this morning, ransomware again.
It's always the same bloody ransomware with the same bloody message. Something called .checkmate. All it does is encrypt all the files on the share with a .checkmate extension, and you cannot access them unless you pay the 15000US of bitcoin. I don't deal with terrorists so fuck that.
I think I know how the ransomware got on, but am not 100% certain.
I think it got on through someone's computer, not a backdoor or hacking of the EX2 itself. The .checkmate only affects certain shares, which leads me to believe it was from a specific user's account. I don't think he ever set up his account or used a weak password and that's pretty much how they got in. I can't prove this though, just speculation.
The other idea is that it's infected the OS of the EX2 and that's how it keeps showing up. But the problem with that is: why not infect the entire drive, meaning all the shares?
All I know is that I've had to spend my morning copying information back and forth for a 3rd time in 3 days.
To remedy the situation, I'm erasing the specific shares, copying said info back, and will update the antivirus or at worst reformat the offending user's PC and see if that makes a difference.
I thought all of this was noteworthy because I haven't really been able to find anything that helps online, so maybe someone out there will read this and know what to do in the future.
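
One way to check the observation above that only certain shares are hit, as an added example that is not part of the original post: it counts `.checkmate` files per share and records who owns them and when they were written, which helps narrow down the account and time of each incident. It assumes the shares appear as subdirectories of one root (`/mnt/nas` is a hypothetical path) and that it runs on the NAS or on a mount that preserves file ownership.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_SUFFIX = ".checkmate"  # extension named in the post


def triage_shares(root, suffix=ENCRYPTED_SUFFIX):
    """Per top-level share under root: file counts, owner UIDs and the
    modification-time window of files carrying the ransomware suffix."""
    report = {}
    for share in sorted(os.listdir(root)):
        share_path = os.path.join(root, share)
        if not os.path.isdir(share_path) or os.path.islink(share_path):
            continue
        total, mtimes, owners = 0, [], Counter()
        for dirpath, _dirs, files in os.walk(share_path):  # symlinks not followed
            for name in files:
                total += 1
                if not name.lower().endswith(suffix):
                    continue
                try:
                    st = os.lstat(os.path.join(dirpath, name))
                except OSError:
                    continue  # unreadable or removed mid-scan
                mtimes.append(st.st_mtime)
                owners[st.st_uid] += 1
        report[share] = {
            "total": total,
            "encrypted": len(mtimes),
            "owners": dict(owners),
            "first": min(mtimes) if mtimes else None,
            "last": max(mtimes) if mtimes else None,
        }
    return report


def affected_shares(report):
    """Shares with at least one encrypted file, earliest hit first."""
    hit = [(r["first"], s) for s, r in report.items() if r["encrypted"]]
    return [s for _first, s in sorted(hit)]


if __name__ == "__main__":
    # Hypothetical default path; pass the real share root as the argument.
    rep = triage_shares(sys.argv[1] if len(sys.argv) > 1 else "/mnt/nas")
    for share in affected_shares(rep):
        r = rep[share]
        first, last = (datetime.fromtimestamp(t, timezone.utc).isoformat()
                       for t in (r["first"], r["last"]))
        print(f"{share}: {r['encrypted']}/{r['total']} encrypted, "
              f"uids={r['owners']}, written {first} .. {last}")
```

Run it before erasing the affected shares, since the timestamps and owner IDs are lost once the encrypted files are deleted.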