While the tech world was all set to celebrate another weekend on May 12, WannaCry ransomware surfaced online. It spread across over 150 countries around the globe (including India and the US) and infected more than 230,000 computers in less than a week’s time. Though the cyberattack targeted systems with Microsoft Windows, it has something that needs attention from Linux users as well.
WannaCry uses the EternalBlue exploit in dated Windows platforms to gain backdoor access and then transfer the ransomware package. Instead of merely showing a message on the startup screen, the attack encrypts data files stored on the infected system to lock end users out of them. It also includes a “transport” mechanism that compromises the Server Message Block (SMB) protocol to let the ransomware spread easily from one system to another.
Interconnection impacts adversely…
Although vulnerabilities in older Windows versions were the primary reason WannaCry could grow its presence, the interconnected environment carries some of the negative effect over to the open source world as well.
“In today’s interconnected environment, you could have a Windows server connected to share drives on Linux servers. This connectivity makes Linux systems prone to attacks like WannaCry,” says Sharda Tickoo, technical head, Trend Micro.
Just like Tickoo, Rajarshi Bhattacharyya of SUSE Linux also sees some negative impact of WannaCry on Linux.
“There will be no direct impact on Linux users. However, the protocol (SMB protocol) that it uses is interoperable and can use Linux systems as intermediaries to spread,” explains Bhattacharyya, country head at SUSE India.
Apart from leveraging the vulnerable interoperability through the SMB protocol, experts consider that WannaCry attackers can hit any Linux VM (virtual machine) running on a Windows host.
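As an added example (not code from the article or from anyone quoted in it), the Python script below audits a Samba configuration on a Linux file server for the exposure described above: shares that Windows clients can write to, guest access, and whether legacy SMB1 dialects are still accepted. The sample smb.conf is constructed; an unset `server min protocol` is reported as `None` because the default depends on the installed Samba version.

```python
import configparser

# Constructed sample smb.conf for illustration; not from a real server.
SAMPLE_SMB_CONF = """
[global]
   workgroup = EXAMPLE
   server min protocol = NT1
[finance]
   path = /srv/finance
   read only = no
   guest ok = yes
[archive]
   path = /srv/archive
   read only = yes
[scans]
   path = /srv/scans
   writable = yes
"""

SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

def _is_yes(value):
    return value is not None and value.strip().lower() in {"yes", "true", "1", "on"}

def audit_smb_conf(text):
    """Return (smb1_allowed, {share: [findings]}) for smb.conf text."""
    # Samba ignores leading whitespace; strip it so configparser does not
    # read indented parameters as continuation lines.
    normalized = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.read_string(normalized)
    sections = {name.lower(): dict(cp.items(name)) for name in cp.sections()}
    glob = sections.pop("global", {})
    # None: parameter unset, so the installed Samba version's default applies.
    min_proto = glob.get("server min protocol", glob.get("min protocol"))
    smb1_allowed = None if min_proto is None else min_proto.upper() in SMB1_DIALECTS
    findings = {}
    for name, params in sections.items():
        merged = {**glob, **params}  # share settings override [global]
        notes = []
        read_only = merged.get("read only")
        writable = merged.get("writable", merged.get("writeable"))
        if (read_only is not None and not _is_yes(read_only)) or _is_yes(writable):
            notes.append("writable by clients")
        if _is_yes(merged.get("guest ok", merged.get("public"))):
            notes.append("guest access allowed")
        if notes:
            findings[name] = notes
    return smb1_allowed, findings
```

Writable shares are the ones whose files an infected Windows client with access could encrypt, so they are the first candidates for tighter permissions and backups.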
…but frequent updates protect!
Despite being susceptible to the ransomware, regular kernel updates and security patches on a daily basis make Linux a more protected platform than Windows. “Linux code maintainers keep Linux system very secure and protected from regular attacks,” says Bhattacharyya.
The executive adds that commercially-supported Linux systems receive “every available security fix” that helps enable a secure experience.
But all this does not mean that Linux is fully protected from cyberattacks and ransom malware developments.
“There will be a ransom malware created for Linux and Apple OS X platform in the future,” estimates Aleks Gostev, chief security expert, Kaspersky Lab.
Tickoo, who heads the technology function for Trend Micro India and SAARC, believes that 100 percent patching is not easy to achieve on any operating system. “Vulnerabilities exist in all operating systems and unfortunately 100 percent patching is not easy to achieve in most of the enterprise solutions. Hence, no operating system is immune to these attacks,” she said.
Tips to secure
While future protection remains unclear, you can still make your present setup safe and secure by implementing certain recommendations. If you are using an old Windows system, you need to install the official patch that has been released by Microsoft to fix all the vulnerabilities enabling WannaCry. “Patching is critical for defending against attacks that exploit security flaws,” states Tickoo.
In addition to patching the flaws, users are recommended to deploy firewalls and monitor attacks in their network. An open source tool also recently emerged that helps you decrypt your infected files. Dubbed WannaKey, the solution performs RSA key recovery on Windows XP to crack the encryption.
Similarly, you can take help from virtual machines to protect your precious files. While Linux VMs running on a Windows host are apparently vulnerable to WannaCry attacks, you can utilise the advanced technology to add protection by running a Windows operating system as a VM in Linux.
You can additionally use a compatibility software package called Wine to run Windows apps on your Linux system without the fear of the ransomware. Furthermore, open source technologies like VirtualBox and Docker are available to bring the proprietary world to your system sans the vulnerability.