Case Study | Western Digital MyBook Live NAS Drives Recovered After Malicious Factory Reset
Western Digital MyBook Live NAS Drives Recovered After Malicious Factory Reset
Western Digital looks into potential hack on MyBook Live and MyBook Live Duo NAS drives.
The alleged attack remotely forced a factory reset for thousands of drives around the world starting back on June 23rd. Western Digital currently has not offered a solution to the issue, stating support for the MyBook Live drives ended back in 2015. First recommendation: Disconnect your MyBook Live from the internet!
Multiple users reported that the data loss coincided with a factory reset that was performed on their devices. This is how a log looks like, showing unexplained behavior of WD My Book Live:
- Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
- Jun 23 15:14:05 MyBookLive shutdown[24582]: shutting down for system reboot
- Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
- Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
- Jun 23 16:02:30 MyBookLive _: pkg: networking-general
- Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
- Jun 23 16:02:31 MyBookLive _: pkg: date-time
- Jun 23 16:02:31 MyBookLive _: pkg: alerts
- Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
- Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api
When a file is deleted, one might be under the impression that it’s permanently gone. However, that is not always the case. Even in this instance where malicious hacking causes a factory reset for thousands of NAS drives, the deletion of data is still not permanent. ACE Data Recovery can help. We would first recommend you power down the device, and do not use it anymore until you are able to get the drive into one of our full service data recovery labs. This will help ensure that we can recovery the most data possible from the drive. Using it after a factory reset runs the chance of overwriting what data the drive has stored. Our client, Ted, shares his experience from beginning to end how in the end he was able to save his invaluable data.
“Hi, I’m Ted B., like other people, I woke up to find that my MyBook Live NAS had been completely wiped. I know I didn’t do anything to cause this and I was at my wits end figuring out where to go from here. This was my one and only backup of all my family photos, videos, work files, you name it. It was the only copy I had, so you can imagine how panicked I was...
Shortly after I called my IT guy to see what could be done. We reached out to Western Digital where I saw other people having the same issue I was(!) and that there was nothing they could do to help as they are looking into the issue themselves. Unsure how to proceed at that point, we decided it would be in our best interest to reach out to the professionals. I looked up best data recovery companies and my area and low and behold, ACE Data Recovery had the best reviews, so I decided to give them a call.
When we spoke on the phone, the customer service rep had already caught wind of others having the same issue (apparently this had happened to people worldwide, they had only just started hearing about it)! But was confident they could take a look at it. When I brought it in they said they would scan it and let me know what could be done from there.
I chose to expedite the process, there were work files that I needed for a project I was working on. The next morning I got the good news that were able to see my data! Moving forward with the recovery (with an assurance that if they couldn’t get anything back I wouldn’t be charged) I was very hopeful, and within the following days I got 97% of my data back! Apparently the factory reset caused a small portion of my drive to be overwritten, but still! ACE saved everything that was important to me! Just wanted to express my gratitude to a company went above and beyond for me and my family, thank you!”
Factory reset NAS drives can be recovered, it’s just a matter of taking it to the right people with the best tools. ACE Data R&D Team has developed proprietary imaging software that is exceedingly effective in these situations. Just ask ACE’s General Manager, Don Wells, he stated the following: “We are recovering Western Digital NAS appliances for years and “factory reset” one of the common situation, created by human error, faulty firmware upgrade and so on. The malicious factory reset of My Book Live is just example of situation when our service can help. Similar vulnerabilities found on NetGear Stora and Seagate GoFlex Home NAS appliances. Deleted and reformatted data is nothing new for us, whether it’s a single hard drive or multiple in a RAID setup, we have been successful in our attempts for years and will continue to do so.”
If your MyBook Live or MyBook Live Duo has been breached and reset, do not attempt to run software on it or write new data to the drive, reach out to ACE at 877-304-7189 to discuss what the next best step is with one of our technical specialists.