Ubuntu – the “Wanna Cry” ransomware’s possible impact on Linux users

Tags: malware, windows, wine

It's just come to light that there's a $300 ransom you have to pay because ransomware targeting Microsoft Windows has encrypted your data. What steps do Linux users need to take to protect themselves from this if, for example, they are using Wine?

This ransomware is widely reported to be based on a tool developed by the NSA to hack into computers. The NSA tool was used by a hacker group called the Shadow Brokers. The code can be found on GitHub.

Microsoft released a patch (MS17-010) against this vulnerability on March 14, 2017. The mass infection is reported to have begun spreading on April 14th. This is discussed here.

As I haven't booted Windows 8.1 in 6 to 8 weeks, can I apply this patch from Ubuntu without booting Windows first? (After research it may be possible ClamAV could report the vulnerability from the Linux side looking into Windows partition but it's unlikely it could apply the patch. The best method would be to reboot into Windows and apply patch MS17-010.)

Individuals and small companies who subscribe to Microsoft Automatic Updates are uninfected. Larger organizations that delay applying patches while they are tested against organization intranets are more likely to be infected.

On May 13, 2017, Microsoft took the extraordinary step of releasing a patch for Windows XP which has been unsupported for 3 years.

No word on whether Wine is doing anything about a security update. It was reported in a comment below that Linux can be infected too when users run Wine.

An "accidental hero" registered a domain name that acted as a kill switch for the ransomware. I presume the non-existent domain was used by the hackers on their private intranet so they didn't infect themselves. Next time they will be smarter, so don't rely on the current kill switch. Installing the Microsoft patch, which prevents exploitation of a vulnerability in the SMBv1 protocol, is the best method.

On May 14, 2017, Red Hat Linux said they are not affected by "Wanna Cry" ransomware. This might mislead Ubuntu users along with Red Hat, CentOS, Arch Linux and Fedora users. Red Hat supports Wine, which answers below confirm can be affected. In essence, Ubuntu and other Linux distro users googling this issue might be misled by the Red Hat Linux Support answer here.

May 15, 2017 update. Over the last 48 hours Microsoft released patches called KB4012598 for Windows 8, XP, Vista, Server 2008 and Server 2003 to protect against "Wanna Cry" ransomware. These Windows versions are no longer on automatic updates. Although I applied security update MS17-010 on my Windows 8.1 platform yesterday, my old Vista laptop still needs patch KB4012598 downloaded and manually applied.


Moderator note: This question is not off topic – it asks about whether or not any Linux users need to do any steps for protecting against the risk.

It is perfectly on topic here, because it's relevant to Linux (which Ubuntu is), and it's also relevant for Ubuntu users running Wine or similar compatibility layers, or even VMs on their Ubuntu Linux machines.

Best Answer

If it helps and to complement Rinzwind's answer, first the questions:

1. How does it spread?

Via email. Two friends were affected by it. They sent the email to me to test in a supervised environment, so you would basically need to open the email, download the attachment and run it. After the initial contamination, it will systematically check the network to see who else can be affected.

2. Can I get affected by using Wine?

Short answer: yes. Since Wine emulates almost every behavior of the Windows environment, the worm can actually try to find ways to affect you. The worst case scenario is that, depending on the direct access Wine has to your Ubuntu system, some or all parts of your home will be affected (did not fully test this; see answer 4 below), although I see a lot of roadblocks here for how the worm behaves, how it would try to encrypt a non-NTFS/FAT partition/files and what non-super-admin permission it would need to do this, even coming from Wine, so it does not have full powers like on Windows. In any case, it's better to play on the safe side for this.

3. How can I test the behavior of this once I get an email that has it?

My initial test, which involved 4 VirtualBox containers on the same network, ended in 3 days. Basically, on day 0 I contaminated the first Windows 10 system on purpose. After 3 days, all 4 were affected and encrypted with the "Whoops" message about the encryption. Ubuntu, on the other hand, was never affected, even after creating a shared folder for all 4 guests that is on the Ubuntu desktop (outside of VirtualBox). The folder and the files in it were never affected, so that's why I have my doubts about Wine and how this can propagate on it.

4. Did I test it on Wine?

Sadly I did (I already had a backup and moved critical job files from the desktop before doing so). Basically, my desktop and music folder were doomed. It did not, however, affect the folder I had on another drive, maybe because it was not mounted at the time. Now before we get carried away, I did need to run Wine as sudo for this to work (I never run Wine with sudo). So in my case, even with sudo, only the desktop and the music folder (for me) were affected.

Note that Wine has a Desktop Integration feature whereby, even if you change the C: drive to something inside the Wine folder (instead of the default drive_c), it will still be able to reach your Linux home folder, since it maps to your home folder for documents, videos, downloads, saving game files, etc. This needed to be explained since I was sent a video about a user testing WCry and he changed the C drive to "drive_c", which is inside the ~/.wine folder, but he still got affected in the home folder.

My recommendation, if you wish to avoid or at least lower the impact on your home folder when testing with Wine, is to simply disable the following folders by pointing them to the same custom folder inside the Wine environment or to a single fake folder anywhere else.

[Screenshot of the Wine Desktop Integration folder settings]

I am using Ubuntu 17.04 64-bit, partitions are ext4 and I have no other security measures apart from simply installing Ubuntu, formatting the drives and updating the system every day.
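The answer above recommends redirecting Wine's Desktop Integration folders away from the real home directory before testing anything untrusted. Wine implements those folders as symlinks under PREFIX/drive_c/users/<user>/ (Desktop -> ~/Desktop, My Music -> ~/Music, and so on), which is why a sample run under Wine can reach ~/Desktop even with a non-default C: drive. The following script is an added example, not code from the answer or from the Wine project: it audits a prefix for integration symlinks whose targets escape the prefix, and optionally retargets all of them at one throwaway directory inside the prefix. It assumes GNU coreutils (readlink -f), the conventional prefix layout, and a constructed demo prefix (make_demo_prefix) so it can be tried offline; the user name alice and the folder set in the demo are made up.

```shell
#!/bin/sh
# Added example, not from the answer above. Wine keeps its Desktop
# Integration folders as symlinks under PREFIX/drive_c/users/<user>/
# (Desktop -> ~/Desktop, My Music -> ~/Music, ...). These functions list
# which of those symlinks escape the prefix and, optionally, retarget all
# of them at one throwaway directory inside the prefix, which is the
# "single fake folder" approach the answer recommends.
# Assumes GNU coreutils (readlink -f) and the conventional prefix layout.

# Print "<user>/<Folder> -> <target>" for each symlink in the users tree
# whose target resolves outside the prefix. Returns 1 if any were found.
wine_integration_audit() {
    prefix=$(cd "$1" && pwd -P) || return 2
    found=0
    for link in "$prefix"/drive_c/users/*/*; do
        [ -L "$link" ] || continue
        target=$(readlink -f -- "$link")
        case "$target" in
            "$prefix"/*) ;;   # stays inside the prefix: harmless
            *)
                printf '%s -> %s\n' "${link#"$prefix"/drive_c/users/}" "$target"
                found=1
                ;;
        esac
    done
    return "$found"
}

# Point every escaping symlink at SANDBOX (default: PREFIX/drive_c/sandbox).
# Only the symlinks are replaced; the real home directories are untouched.
wine_integration_sandbox() {
    prefix=$(cd "$1" && pwd -P) || return 2
    sandbox=${2:-$prefix/drive_c/sandbox}
    mkdir -p -- "$sandbox"
    sandbox=$(cd "$sandbox" && pwd -P)
    wine_integration_audit "$prefix" | while IFS= read -r line; do
        rel=${line%% -> *}
        link=$prefix/drive_c/users/$rel
        rm -f -- "$link" && ln -s -- "$sandbox" "$link"
        printf 'retargeted %s -> %s\n' "$rel" "$sandbox"
    done
}

# Constructed stand-in for a real prefix (user "alice" is made up) so the
# functions can be tried offline: two folders linked into a fake home
# directory, plus one link that stays inside the prefix.
make_demo_prefix() {
    root=$(mkdir -p -- "$1" && cd "$1" && pwd -P) || return 2
    user=$root/prefix/drive_c/users/alice
    mkdir -p -- "$root/home/Desktop" "$root/home/Music" \
                "$root/prefix/drive_c/windows/temp" "$user"
    ln -s -- "$root/home/Desktop"                "$user/Desktop"
    ln -s -- "$root/home/Music"                  "$user/My Music"
    ln -s -- "$root/prefix/drive_c/windows/temp" "$user/Temp"
}

# Usage: sh wine_integration.sh ~/.wine            # audit only
#        sh wine_integration.sh ~/.wine --sandbox  # audit and retarget
if [ $# -gt 0 ]; then
    if [ "${2:-}" = "--sandbox" ]; then
        wine_integration_sandbox "$1"
    else
        wine_integration_audit "$1"
    fi
fi
```

Run the audit against a real prefix with `sh wine_integration.sh ~/.wine`; a non-zero exit means at least one integration folder still reaches into the home directory. Retargeting only rewrites the symlinks, so nothing under $HOME is moved or deleted, and the Wine configuration dialog can put the mappings back afterwards.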