As the plethora of articles surface, detailing the attack from WannaCrypt on a Windows vulnerability, the consequences of the attack, the retaliation made against it and the aftermath (not over yet though), I know in my heart that many a Linux user sits behind his computer screen with pride, not worried about being infected by such a plebian virus.
Linux doesn’t run Windows programs, and Linux is thusly impervious to such lowly virus applications, right? Wrong. As the title states, if you’re running WINE, it’s quite possible that you can have your files encrypted as well. As demonstrated by @hackerfantastic, the virus runs without an issue on Linux systems.
Great news everyone! WCry 2.0 functions PERFECTLY under Wine, you can infect your Linux desktops too if you are so inclined! 😉 pic.twitter.com/kP2IC8YJ5m
— Hacker Fantastic (@hackerfantastic) May 13, 2017
While WannaCrypt will run under on Linux on all versions of WINE or if certain versions are exempt but it would be safe to assume being careful and installing an antivirus on your Linux installation would be a good idea.
WannaCrypt is effectively a piece of ransomware that encrypts your files with the AES encryption algorithm that’s made headlines worldwide. The virus spreads itself by using the Server Message Block exploit, similar to EternalBlue‘s strategy. Once encrypted, you have 3 hours to pay the ransomware proprietors $300 in bitcoin or face double the price until 6 hours have elapsed and all your files are encrypted forever.
Several large and crucial organizations have been affected by the attack including the National Health Service in England. Turns out all the machines now being affected are running an older-than-Vista version of Windows, the latest of which, being Windows XP, have been end-of-life for at least three years now. Why they’re still running legacy operating systems is beyond me as this poses a massive security risk, as demonstrated by this very infection.
Microsoft has since released a patch for Windows XP as well, though most versions of Windows Vista and up already received the patch when the exploit had been publicized months ago.
Note: While the virus may be able to run on Linux installations under WINE, the vulnerability that exists under Windows is located in the SMB (known as Samba under Linux). Linux’s Samba package is not known to have this vulnerability.
Update/Edit: While the more up-to-date systems may have had their patches released by Microsoft over a month ago, it sometimes takes IT teams several months to apply said patches. In large enterprises, uninterrupted service is absolutely crucial for company success.
For example, Say I was hosting this website on someone else’s server (SquareSpace maybe), and I’m paying for this service. If they apply updates that crash their servers and I’ve just posted an article, well I’m going to be mad. If this happened with something like Facebook, well then I think someone would be absolutely furious and some team gets fired.
For more information about some of the technical details of the WannaCry ransomware virus, go here.