Is my Linux server or desktop affected by WannaCrypt ransomware?

Posted in Security; last updated May 18, 2017

From my mailbag:

Dear nixCraft,

I run a Debian Linux 8.x on my Desktop and Ubuntu Linux 16.04 LTS on my Linode cloud server for my personal website. I am concerned that my Linux is affected by the recent Wannacrypt malware. I am reading about a ransomware attack, what do I need to do? Should I be worried?

–Concerned Linux User

Dear Concerned Linux User,

Short answer: Ubuntu and Debian are not vulnerable to the flaw. In fact, all other Unix-like operating systems, such as macOS, FreeBSD and others, are not vulnerable to the flaw either. However, you must take care if you are using Samba software on a Linux or Unix-like system (e.g. disable SMBv1). Make sure you disable SMB version 1 on Windows clients.

Fig.01: Disable SMB v1.0 on MS-Windows

Long answer: WannaCrypt/WannaCry targets the Microsoft Windows operating system. The attack spreads by phishing emails but also uses the EternalBlue exploit and the DoublePulsar backdoor developed by the U.S. National Security Agency (NSA). If you are using older and unsupported operating systems such as Windows XP and Windows Server 2003, you will get infected. All of your files will be encrypted. To get your files back, you need to pay a ransom in the cryptocurrency Bitcoin. Microsoft has released software updates for Windows XP and Windows Server 2003. You must apply those patches ASAP. In short, Linux users are not affected by this attack.

How to protect yourself from ransomware attacks

I recommend that everyone should do the following regardless of operating system:

  1. Back up all your files and data regularly. Ideally you should make three copies of your backup data on two different media. One backup copy must be offline all the time.
  2. Patch your system, including the BIOS and device drivers
  3. Turn on automatic updates
  4. Do not use outdated and unsupported software
  5. Turn on the firewall on both your router and your computer
  6. You should turn on anti-virus software on Windows
  7. All Windows XP users should upgrade to the latest version of Microsoft Windows, such as Windows 10. All Windows 2003 server users should upgrade to the latest version of Windows Server
  8. Avoid using pirated software
  9. See the Decentsecurity website; it has a guide that is reasonable for non-techies to understand and follow

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.

12 comments

  1. So glad I run Linux on all my desktops and laptops. And I don’t connect to any MS shares….so no need for SAMBA and the like!! I guess there are some benefits to running Linux as your daily driver!..

  2. Hi, you state “However, you must take care if you are using Samba software on Linux or Unix-like system. Make sure you disable SMB version 1 on Windows clients.”.
    If you do this, mounting the Windows directories stops working on your Linux machine and your shares on your Linux machine are not available on your Windows machine.
    Can you point to a tutorial explaining how to configure Linux to use SMBv2 or SMBv3? I have Ubuntu Mate 16.04 and several Windows 10 machines. Every tutorial I could find explains how to use and configure SMBv1/CIFS.

    1. Edit your samba config file and find the [global] section of smb.conf. Add the following line:

      min protocol = SMB2

      Save and close the file. Restart the samba/smb service on Linux. This should force smb2 for all Linux/Unix/Windows/MacOS clients.
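
Added example (an editor's illustration, not code from the article or from any commenter): a shell check for the Samba advice in the short answer and the `min protocol = SMB2` reply above. It reads the [global] section of an smb.conf and reports whether SMBv1 dialects are still permitted. The function name `smb1_status` and the sample config are constructed for this illustration.

```sh
#!/bin/sh
# Prints "blocked", "allowed", "unset" or "unknown" for the smb.conf given as $1.
# "unset" means no minimum is configured, so the installed Samba's built-in default applies.
smb1_status() {
    awk '
        # Skip blank lines and comments (smb.conf accepts both # and ;)
        /^[ \t]*([#;]|$)/ { next }
        # Remember the current section name, lower-cased, without brackets
        /^[ \t]*\[/ {
            sec = tolower($0)
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == "global" {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            val = toupper(substr($0, eq + 1))
            gsub(/[ \t]/, "", key)              # case and spaces in names do not matter
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            # "min protocol" is a synonym of "server min protocol"; the last one wins
            if (key == "minprotocol" || key == "serverminprotocol") proto = val
        }
        END {
            if (proto == "") print "unset"
            else if (proto ~ /^(CORE|COREPLUS|LANMAN1|LANMAN2|NT1)$/) print "allowed"
            else if (proto ~ /^SMB[23]/) print "blocked"
            else print "unknown"
        }
    ' "$1"
}

# Constructed sample config (not taken from a real host)
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = WORKGROUP
   min protocol = SMB2
[public]
   path = /srv/public
EOF
echo "SMBv1 is: $(smb1_status "$sample")"
rm -f "$sample"
```

On a live server, point the function at the real config file (commonly /etc/samba/smb.conf) after editing it and before restarting the service.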

  3. Yet another reason to hate Debian users. Since this attack relies on executing Windows code (ie this is not a merit of distribution vendors) ANY other Linux user but a Debian user or perhaps a slightly less sectarian Ubuntu user would have said “Linux is not affected in fact no flavor of Unix is affected” (could even have said no other system than Windows). Instead he “accidentally” “forgets” other Linux flavors but doesn’t forget mentioning that proprietary POS named MacOS.

    Now I wouldn’t rant if this (disparaging of other distributions or describing features inherent to Linux as specific to Debian) were not a pattern that has been happening time and again for twenty years.

  4. If someone has a Linux server sharing files on a local network with Samba, can the ransomware affect the Linux shared files?

  5. Does the cyberattack concern Mac OS/iOS users? What about WINE users on Linux? Please clarify.

    1. From my understanding, the file encryptor can be run with WINE, even if that would be stupid and requires manual work. WINE can also be installed on Mac OS, if you want that.

  6. Thank you for not turning this into Linux vs. Windows pissing match. You know some times you need to use Windows. Not everything can be run on Linux ;)
