If the vulnerability to exploit is in the browser (or plugin it uses) then yes. They're just as exploitable as their counterparts on Windows and OSX. There are of course plenty of single-platform examples too but many Flash (for example) exploits are cross-platform.
Thankfully most exploits are just droppers (to install something else on the computer) and most of those aren't compatible with Linux. But you shouldn't get complacent and get cocky. Web security applies to everybody. Just because people aren't targeting you today, doesn't mean they never will.
There are antivirus products for Linux (AVG, ClamAV) that go some way to detect bad things but the market hasn't caught up with Desktop Linux users yet IMO.
If it helps and to complement Rinzwind's answer, first the questions:
1. How does it spread?
Via Email. 2 friends were affected by it. They send the email to me to test under a supervised environment, so you would basically need to open the email, download the attachment and run it. After the initial contamination, it will systematically check the network to see who else can be affected.
2. Can I get affected by using Wine?
Short answer: Yes. Since Wine emulates almost every behavior of the Windows environment, the worm can actually try to find ways on how it can affect you. The worst case scenario is that depending on the direct access wine has to your Ubuntu system, some or all parts of your home will be affected (Did not fully test this. See answer 4 below), although I see a lot of roadblocks here for how the worm behaves and how it would try to encrypt a non ntfs/fat partition/files and what non-super admin permission would it need to do this, even coming from Wine, so it does not have full powers like on Windows. In any case, it's better to play on the safe side for this.
3. How can I test the behavior of this once I get an email that has it?
My initial test which involved 4 VirtualBox containers on the same network ended in 3 days. Basically on day 0, I contaminated on purpose the first Windows 10 system. After 3 days, all 4 were affected and encrypted with the "Whoops" message about the encryption. Ubuntu on the other hand was never affected, even after creating a shared folder for all 4 guests that is on the Ubuntu desktop (Outside of Virtualbox). The folder and the files in it were never affected, so that's why I have my doubts with Wine and how this can propagate on it.
4. Did I test it on Wine?
Sadly I did (Already had a backup and moved critical job files from the desktop before doing so). Basically, my desktop and music folder were doomed. It did not however affect the folder I had in another drive, maybe because it was not mounted at the time. Now before we get carried away, I did need to run wine as sudo for this to work (I never run wine with sudo). So in my case, even with sudo, only the desktop and the music folder (for me) was affected.
Note that Wine has a Desktop Integration feature where as, even if you change the C: drive to something inside the Wine folder (Instead of the default drive c), it will still be able to reach your Linux Home folder since it maps to your home folder for documents, videos, download, saving game files, etc.. This needed to be explained since I was send a video about a user testing WCry and he changed the C Drive to "drive_c" which is inside the ~/.wine folder but he still got affected on the home folder.
My recommendation if you wish to avoid or at least lower the impact on your home folder when testing with wine is to simply disable the following folders by pointing them to the same custom folder inside the wine environment or to a single fake folder anywhere else.
Am using Ubuntu 17.04 64-Bit, partitions are Ext4 and I have no other security measures apart from simply installing Ubuntu, formatting the drives and updating the system every day.
Best Answer
No, I would assume the data is your personal data and "sudo" is needed for system files.
No. Data is data. Encryption plays no part: the ransomware will lock the data itself
Yes. They would not be able to VIEW the data but that was not their intention. Nor is encryption in any way important: they lock your "container".
Someone first has to create a situation where you and many others are willing to download and install their software. That is a hurdle even virus software writers have not been able to take.
The whole idea of ransomware is to target as many users as possible in the shortest time frame possible.
As soon as 1 Linux user gets targeted and they actually get his/her data tainted all hell would break loose and within minutes all of us will get informed in some sort of way. Look at what happened when the OpenSSL bug appeared. In a matter of minutes all the IT websites had a story to tell. Same with the kernel bug that appeared 2 days ago. Everyone jumped on it. If it happens I do not see this happening to more than a few users. By then all of us got informed or if possible there will be a fix for the method they used (like a hole in the kernel or in a browser that they exploited).
Most of us use Ubuntu Software Center. How likely is it that this malware ends up in Ubuntu Software Center? Next we use PPAs. The information for those PPAs we get from sites like omg.ubuntu.co.uk or webupd8 or from trusted Ubuntu channels.
That is also the difference between Linux/Ubuntu and Windows: Windows users are told to download and install software from any website they can find it. We mostly do not do that. So the amount of crap you can download for Windows is several times higher than for any other operating system. Makes Windows an easier target.