How to further protect my Linux against WannaCry

WannaCry, lock screen

In recent days the news about WannaCry, the "famous Telefónica virus", has been taking over the most important technology websites worldwide. And it is that Windows, whether we want it or not, is still among us. Long ago we told you what would have happened if Telefónica had used Linux instead of Windows.

Today, that makes little sense, but Yes, we can look and change things so that WannaCry does not affect our personal networks Or at least we are not a transmitter of the ransomware.

WannaCry cannot run on Gnu / Linux but it can spread

Any distribution of Gnu / Linux is immune to WannaCry (at least for the moment), since it cannot be executed, but it can be an element that infects other Windows computers through the same network. To avoid this, the first recommendation is to cut all connections to Windows networks. Today, thanks to the cloud, there are many ways to connect computers and files without having to be on the same network. A good tool for this would be TeamViewer or any other application of Remote Desktop.

In essence you have to block SambaBecause it is through the protocol used by this program that WannaCry acts and communicates. To stop the Samba service, which we can do by typing the following in the terminal:

service samba stop

With this we can stop the contagion between computers on the same network and if we are system administrators or use a server, the best thing is isolate Windows computers from the network.

This does not mean that they cannot work but that their communication with the rest of the Linux computers will be different, or through the cloud with applications such as Dropbox or NextCloud, either remotely or through the web browser. The result is the same but slower and more secure.


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

19 comments, leave yours

Leave a Comment

Your email address will not be published.

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   Jousseph said

    I developed a program that encrypts files in Gnu / Linux called crypto - ((jou)) of course not to extort money but rather for their security, it is developed under Gambas Linux.

    This program manipulates the program written in c called GPG that encrypts the files by console in gpg format with password and in aes encryption.

    1.    Well look how good said

      And what differences does it have over gpg, encfs, luks, cryptkeeper, etc? GNU / Linux has many programs for encrypting files.

  2.   And give said

    Let's see if I explain it to you so that you understand ... IN LINUX YOU DO NOT HAVE TO DO ANYTHING SINCE THE RAMSONWARE EXECUTABLE DOES NOT RUN IN LINUX. IT CANNOT BE EXECUTED, IT CANNOT BE SPREAD. HOW WILL A LINUX VIRUS SPREAD BY SAMBA IF IT IS NOT ACTIVATED IN LINUX ?. Unless you take the executable and copy it manually to a folder on a windows system across the network and run it from there on purpose, there is no other way to pass it from linux to windows. The virus code being incompatible with Linux does not activate automatically. In any case, what you have to do is prevent the windows on the network from passing it on to each other. DISCONNECT FROM THE NETWORK TO THE WINDOWS, WOOD.

    1.    Serge Perea said

      Yes and no. I understand that if you have Samba activated, it is because you have shared folders between several PCs, so that these shared folders, despite being on Linux, can be used to spread the virus through the Windows computers that access them.

      Anyway, the solution proposed in the article is outrageous, at least if you propose it as a prevention method. Stop sharing files in a company? And that's it? Is that what you propose? Man, a bit obvious, there are less aggressive things like forcing the SAMBA service to use the SMB2 protocol and disabling SMB1 which was the one that contained the vulnerability:

      min protocol = SMB2 in smb.conf

      1.    What you want said

        Check it.

        1.    SergioP. said

          of course I have, if you mount it in a virtual machine you are not going to blow up your house, man. xDD

      2.    I start to feel afraid said

        I understand that if you have shared folders on Linux you are using Linux as a Samba server. I also understand that if the files contained in these shared folders are executed if you access them from Windows, it is because you have full permissions assigned to the users who access them. So you have given full permissions to users, including guests, to access those folders from the network ... read, write, ... execution permissions ... gee ... surely even without asking for a password. Do you work at Telefónica? You put a security door, distribute the keys to your neighbors and also notify them when you are going to be home and when you are not. Curious. It comforts me to think that it could be worse.

        1.    Serge Perea said

          "Do you work at Telefónica?"

          I don't work at Telefónica, and I don't know why you draw that conclusion, because in my comment I have not defended or advertised Telefónica, or at least it was not my intention. In my life I have worked in many computer companies, and it is difficult not to end up in a project that has to do with that company, but at least today and for many years I have not even remotely anything to do with telephone and less with issues of security.

          Let's see, because I think you mix some concepts: the attack from the other day, it is actually the combination of two things:

          1. A ramsonware. That is, an executable that when you run it encrypts all the documents. So, roughly explained.
          2. A worm: this is basically a program that spreads ramsonware over the network without the user doing anything or even noticing. To do this, it uses a vulnerability in the SMB1 protocol, the one used by the old Windows XP and the one that is still used in many networks in which the network has not been updated or secured.

          Indeed, if you have network drives mounted with shared folders, the ramsonware can encrypt the documents for you.

          "I also understand that if the files contained in these shared folders are executed if you access from Windows, it is because you have full permissions assigned to the users who access them." . You assume a lot, there is no reason to do that. That, in fact, is badly done. Unfortunately it is quite frequent.

          In any case, what really caused alarm and made people from various companies go home is not the fact that a ramsonware encrypted some shared folders, but the fact that the worm spread freely on the network to everyone computers using a vulnerability of Windows, not Linux, not even Samba: Windows. As I said, the solution is not to load the Samba service, that is nonsense. That the article proposes to turn off all computers and go back to the Middle Ages, you'll see how WannaCry ends (irony).

  3.   Tank said

    Total ignorance of the author of this article. Not only is the Linux smb implementation not vulnerable, but the problem with Windows is that the virus enters through smb, but to spread it must be run. There is no use in making articles this way.

  4.   Swift said

    Yeah, what if you have no choice but to use SMB to share files? what are you doing?

  5.   Joselp said

    If it cannot be executed, how is it going to spread ????

  6.   Windows Addicts said

    A couple of things or tips. The commands to start services vary depending on the distributions you use. If you want to stop samba in Arch the command would be "/etc/rc.d/samba stop", in debian "/etc/init.d/samba stop" and in devuan when not using systemd it will be another ... but hey, this is the least. As I see you something lost and burning with the desire that wannacry release its version 1.0 for gnu / linux, in deb or rpm packages, and waiting for it to be available in the repositories does not hurt more than to fight against WannaCry and save back up your files, UPDATE WINDOWS AND LEAVE LINUX ALONE. Without acrimony.

  7.   sergio said

    Suppose you run a ramsoware on a windows machine, find a shared folder via smb from a GNU / Linux pc, then enter another windows pc into the same folder and spread without affecting anyone other than Microsoft's spawn.

  8.   Elvis said

    Already in the previous article a string of inaccuracies was said, two things would be good, that the one who writes these articles is informed more because they seem to be written based on conclusions that he himself imagined and second, it would also be good that if he believes so much in what he he says give us a demonstration and shut our noses.
    Linux and WannaCry incompatibility already explained but you don't understand.
    regards

  9.   jose_6_2 said

    The explanation for this string of nonsense is in the author's profile. Historian. That is, it tells stories, not technical articles. Insert a CD and give next - next to install linux distros, it does not give the minimum necessary knowledge.

  10.   tobeornot said

    Has none of you who have criticized the possibility that Linux is running WINE?

    Wannacry affects WINE 100% tested.

    1.    And if my grandmother had wheels she would be a bicycle said

      And have you tried shooting a cropped one directly at the CPU? 100% purchased that works.

      1.    tobeornot said

        It is not at all unreasonable that linux has wine running, so there is the possibility that in the end the files handled by linux will be infected and also spread over the network.

  11.   Hussein Mx said

    I really don't believe what is mentioned in this article since the ransomware was running due to a Windows vulnerability that had the SMBv1 service, so with a patch that fixes this, without disabling samba. I know Linux is a better option, greetings.