From my mailbag:
I run Debian Linux 8.x on my desktop and Ubuntu Linux 16.04 LTS on my Linode cloud server for my personal website. I am concerned that my Linux is affected by the recent WannaCrypt malware. I am reading about a ransomware attack; what do I need to do? Should I be worried?
–Concerned Linux User
Dear Concerned Linux User,
Short answer: Ubuntu and Debian are not vulnerable to the flaw. In fact, all other Unix-like operating systems such as macOS and FreeBSD are not vulnerable to the flaw either. However, you must take care if you are using Samba software on a Linux or Unix-like system (e.g. disable SMBv1). Make sure you also disable SMB version 1 on Windows clients.
Long answer: WannaCrypt/WannaCry targets the Microsoft Windows operating system. The attack spreads by phishing emails but also uses the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA). If you are using older and unsupported operating systems such as Windows XP and Windows Server 2003, you will get infected. All of your files will be encrypted. To get your files back, you need to pay a ransom in the cryptocurrency Bitcoin. Microsoft has released software updates for Windows XP and Windows Server 2003. You must apply those patches ASAP. In short, Linux users are not affected by this attack.
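For the Samba caveat in the short answer, here is one way to check whether a Samba server can still negotiate SMBv1. This is an added example, not part of the original post: the function names and sample configs are constructed for illustration, and it assumes SMBv1 is controlled through Samba's `server min protocol` setting (synonym `min protocol`) in the `[global]` section of smb.conf.

```shell
#!/bin/sh
# Added example: report the minimum SMB dialect an smb.conf lets the server accept.
# smb_min_protocol FILE -> prints the [global] "server min protocol" value
#                          (or its synonym "min protocol"), upper-cased;
#                          prints UNSET when neither is present.
smb_min_protocol() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)                  # Samba ignores whitespace in names
            val = toupper(substr($0, index($0, "=") + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "serverminprotocol" || key == "minprotocol") found = val
        }
        END { print (found == "" ? "UNSET" : found) }
    ' "$1"
}

# smb1_allowed FILE -> exit status 0 when the server may still negotiate SMBv1.
# Assumption: an unset value is treated as allowing SMBv1, because Samba
# releases before 4.11 defaulted to an SMB1-era dialect.
smb1_allowed() {
    case "$(smb_min_protocol "$1")" in
        UNSET|CORE|COREPLUS|LANMAN1|LANMAN2|NT1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
printf '[global]\n   workgroup = HOME\n[share]\n   path = /srv/share\n' > "$demo_dir/weak.conf"
printf '[global]\n   workgroup = HOME\n   Server Min Protocol = SMB2\n' > "$demo_dir/hardened.conf"

for f in "$demo_dir/weak.conf" "$demo_dir/hardened.conf"; do
    if smb1_allowed "$f"; then
        echo "$f: SMBv1 allowed (min protocol: $(smb_min_protocol "$f"))"
    else
        echo "$f: SMBv1 disabled (min protocol: $(smb_min_protocol "$f"))"
    fi
done
```

On a real host, point `smb1_allowed` at `/etc/samba/smb.conf`; if it reports SMBv1 as allowed, add `server min protocol = SMB2` under `[global]` and restart Samba.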
How to protect yourself from ransomware attacks
I recommend that everyone do the following, regardless of operating system:
- Back up all your files and data regularly. Ideally you should make three copies of your backup data on two different media. One backup copy must be offline all the time.
- Patch your system, including BIOS and device drivers
- Turn on automatic updates
- Do not use outdated and unsupported software
- Turn on the firewall on both your router and computer
- You should turn on anti-virus software on Windows
- All Windows XP users should upgrade to the latest version of Microsoft Windows such as Windows 10. All Windows 2003 server users should upgrade to the latest version of Windows server
- Avoid using pirated software
- See the Decentsecurity website; it has a guide that is reasonable for non-techies to understand and follow