Is my Linux server or desktop affected by WannaCrypt ransomware?

Is my Linux affected by WannaCrypt ransomware?
From my mailbag:


Dear nixCraft,

I run a Debian Linux 8.x on my Desktop and Ubuntu Linux 16.04 LTS on my Linode cloud server for my personal website. I am concerned that my Linux is affected by the recent Wannacrypt malware. I am reading about a ransomware attack, what do I need to do? Should I be worried?

–Concerned Linux User

Dear Concerned Linux User,

Short answer: Ubuntu and Debian are not vulnerable to the flaw. In fact, all other Unix-like operating systems such as macOS, FreeBSD and others are not vulnerable to the flaw either. However, you must take care if you are running Samba on a Linux or Unix-like system (e.g. disable SMBv1). Also make sure you disable SMB version 1 on Windows clients.

Fig.01: Disable SMB v1.0 on MS-Windows


Long answer: WannaCrypt/WannaCry targets the Microsoft Windows operating system. The attack spreads by phishing emails but also uses the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA). If you are using older and unsupported operating systems such as Windows XP and Windows Server 2003, you will get infected. All of your files will be encrypted. To get your files back, you are asked to pay a ransom in the cryptocurrency Bitcoin. Microsoft has released software updates for Windows XP and Windows Server 2003. You must apply those patches ASAP. In short, Linux users are not affected by this attack.

How to protect yourself from ransomware attacks

I recommend that everyone should do the following regardless of operating system:

  1. Back up all your files and data regularly. Ideally you should make three copies of your backup data on two different media. One backup copy must be offline all the time.
  2. Patch your system, including BIOS and device drivers
  3. Turn on automatic updates
  4. Do not use outdated and unsupported software
  5. Turn on the firewall on both your router and computer
  6. Turn on anti-virus software on Windows
  7. All Windows XP users should upgrade to the latest version of Microsoft Windows such as Windows 10. All Windows 2003 server users should upgrade to the latest version of Windows Server
  8. Avoid using pirated software
  9. See the Decentsecurity website; it has a guide that is reasonable for non-techies to understand and follow

12 comments
  • Tom May 16, 2017 @ 15:50

    Thank you for not turning this into a Linux vs. Windows pissing match. You know sometimes you need to use Windows. Not everything can be run on Linux ;)

    • Max May 17, 2017 @ 7:21

      Like video games??)))

  • Rk May 16, 2017 @ 15:59

    Does the cyberattack concern Mac OS/iOS users? What about WINE users on Linux? Please clarify.

    • nicu May 17, 2017 @ 8:55

      From my understanding, the file encryptor can be run with WINE, even if that would be stupid and requires manual work. WINE can also be installed on Mac OS, if you want that.

  • Jason May 16, 2017 @ 16:49

    It runs fine on wine though, if you’re inclined to try it out.

  • alex.theoto May 16, 2017 @ 17:40

    If someone has a Linux server sharing files on the local network with Samba, can the ransomware affect the Linux shared files?

  • JFM May 17, 2017 @ 8:59

    Yet another reason to hate Debian users. Since this attack relies on executing Windows code (i.e. this is not a merit of distribution vendors) ANY other Linux user but a Debian user or perhaps a slightly less sectarian Ubuntu user would have said “Linux is not affected, in fact no flavor of Unix is affected” (could even have said no other system than Windows). Instead he “accidentally” “forgets” other Linux flavors but doesn’t forget mentioning that proprietary POS named MacOS.

    Now I wouldn’t rant if this (disparaging of other distributions or describing features inherent to Linux as specific to Debian) were not a pattern that has been happening time and again for twenty years.

  • Simon May 18, 2017 @ 1:45

    Hi, you state “However, you must take care if you are using Samba software on Linux or Unix-like system. Make sure you disable SMB version 1 on Windows clients.”.
    If you do this, mounting the Windows directories stops working on your Linux machine and your shares on your Linux machine are not available on your Windows machine.
    Can you point to a tutorial explaining how to configure Linux to use SMBv2 or SMBv3? I have Ubuntu Mate 16.04 and several Windows 10 machines. Every tutorial I could find explains how to use and configure SMBv1/CIFS.

    • 🐧 Vivek Gite May 18, 2017 @ 6:26

      Edit your samba config file and find the [global] section of smb.conf. Add the following line:

      min protocol = SMB2

      Save and close the file. Restart the samba/smb service on Linux. This should force smb2 for all Linux/Unix/Windows/MacOS clients.
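
An added example, not part of the original post or of the comment above: a shell check that reads the [global] section of an smb.conf and reports whether the minimum protocol setting still permits SMB1. The function name `smb1_status` and the sample files are constructed for illustration, and `include` lines are not followed.

```shell
#!/bin/sh
# Added example (not from the original post): does smb.conf still permit SMB1?
# Prints "blocked <dialect>", "allowed <dialect>", "unknown <value>" or "unset".
# "unset" means the installed Samba version's built-in default applies.
smb1_status() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[/ {                           # section header, e.g. [global]
            sec = tolower($0)
            gsub(/[ \t]/, "", sec); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        sec == "global" && index($0, "=") {
            eq  = index($0, "=")
            key = tolower(substr($0, 1, eq - 1))
            val = toupper(substr($0, eq + 1))
            gsub(/[ \t]/, "", key)              # Samba ignores case and spaces in names
            gsub(/[ \t\r]/, "", val)
            # "min protocol" is a synonym for "server min protocol"
            if (key == "minprotocol" || key == "serverminprotocol") found = val
        }
        END {
            if (found == "")                 print "unset"
            else if (found ~ /^SMB[23]/)     print "blocked " found
            else if (found ~ /^(NT1|LANMAN[12]|CORE|COREPLUS)$/) print "allowed " found
            else                             print "unknown " found
        }
    ' "$1"
}

# Constructed sample configs, written to a temp directory so this runs offline.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' '[global]' '   workgroup = WORKGROUP' '   min protocol = SMB2' \
    '[share]' '   path = /srv/share' > "$SAMPLES/hardened.conf"
printf '%s\n' '[global]' '   server min protocol = NT1' > "$SAMPLES/legacy.conf"
printf '%s\n' '[global]' '   ; min protocol = SMB2' '[share]' \
    '   min protocol = SMB2' > "$SAMPLES/unset.conf"

for f in hardened legacy unset; do
    printf '%-9s %s\n' "$f" "$(smb1_status "$SAMPLES/$f.conf")"
done
```

On a live host, `testparm -s` prints the configuration Samba actually loads, which is the authoritative view when the file uses includes.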

  • Eddie G. May 18, 2017 @ 2:22

    So glad I run Linux on all my desktops and laptops. And I don’t connect to any MS shares….so no need for SAMBA and the like!! I guess there are some benefits to running Linux as your daily driver!..
