Is it possible, or will this only spread via a Windows machine serving over SMB?
If Linux serving over SMB can spread wannacrypt, what's the approach to take?
In general any ransomware can encrypt anything the infected user has access to, like any other malware can write to anywhere using the permissions of the account running it. That doesn't equal it becoming active for other users, but it can affect all shares the user has access to.
Countermeasures:
Prevent with virus protection & firewall, as usual.
Force all clients to install updates regularly.
Backups are the most powerful way to handle all ransomware after infection. Eventually some of your users will have one that wasn't yet recognized by your virus protection. Have a backup that your users don't have write access to. Otherwise the backups are useless, because the ransomware has equal access to write over the backups, too.
An offline backup is the safest way to achieve this, but might not be very practical as you need to do more manually, and remember to do it regularly.
I usually have an independent machine that uses separated credentials to access the locations to be backed up. There, I have incremental backup that can store any changes over weeks or months. It's good against both ransomware and user errors.
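The versioned-backup idea from this answer, as an added example that is not the answerer's own setup: a pull-style snapshot routine in which unchanged files are hard-linked to the previous snapshot and changed files are copied, so earlier versions survive when files on the share are overwritten. It assumes it runs on the backup machine under its own credentials with the share mounted read-only; the function names, paths and date-style snapshot names are hypothetical.

```python
import filecmp
import os
import shutil
import tempfile
from pathlib import Path


def snapshot(source: Path, backup_root: Path, name: str) -> Path:
    """Create backup_root/name from source without touching older snapshots.

    Snapshot names must sort chronologically (e.g. ISO dates). Symlinks are
    not followed or copied, so a link on the share cannot redirect the backup.
    """
    older = sorted(p for p in backup_root.iterdir() if p.is_dir()) if backup_root.is_dir() else []
    prev = older[-1] if older else None
    dest = backup_root / name
    dest.mkdir(parents=True)  # raises if the snapshot exists: never overwrite history
    for dirpath, _dirnames, filenames in os.walk(source):  # followlinks=False by default
        rel_dir = Path(dirpath).relative_to(source)
        (dest / rel_dir).mkdir(parents=True, exist_ok=True)
        for fname in filenames:
            src = Path(dirpath) / fname
            if src.is_symlink() or not src.is_file():
                continue
            target = dest / rel_dir / fname
            old = prev / rel_dir / fname if prev else None
            if old and old.is_file() and filecmp.cmp(src, old, shallow=False):
                os.link(old, target)       # unchanged: share the inode, no extra space
            else:
                shutil.copy2(src, target)  # new or changed: store a fresh copy
    return dest


def demo() -> dict:
    """Constructed scenario: one file on the share is overwritten between two runs."""
    with tempfile.TemporaryDirectory() as tmp:
        share, backups = Path(tmp, "share"), Path(tmp, "backups")
        share.mkdir()
        (share / "report.txt").write_text("quarterly numbers")
        (share / "notes.txt").write_text("unchanged")
        first = snapshot(share, backups, "2017-05-12")
        (share / "report.txt").write_text("ENCRYPTED")  # simulated damage on the share
        second = snapshot(share, backups, "2017-05-13")
        return {
            "old_report": (first / "report.txt").read_text(),
            "new_report": (second / "report.txt").read_text(),
            "notes_linked": os.path.samefile(first / "notes.txt", second / "notes.txt"),
        }
```

Because unchanged files share an inode across snapshots, the backup tree has to be treated as read-only: restore by copying out of a snapshot, never by editing files inside one.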
WannaCry is using a vulnerability in the Windows implementation of SMB: the protocol itself isn't vulnerable. From a news article on MalwareLess:
The WannaCry attacks are initiated using an SMBv2 remote code execution in Microsoft Windows OS. The EternalBlue exploit has been made publicly available through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14. However, many companies and public organizations have not yet installed the patch to their systems.
The patch mentioned is MS17-010, Security Update for Microsoft Windows SMB Server (4013389):
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.
Therefore, it doesn't affect Linux. Windows is also safe after installing the update. However, if there still is a client computer with a non-patched Windows, the data on a share might not be safe.
Found this, although no source was provided to back up the claim:
WannaCry exploits a set of flaws in Microsoft's implementation of the SMB1 protocol. Since these are implementation flaws rather than structural flaws in the protocol itself, Linux systems are immune. This is true regardless of if the systems are running Samba, Wine, or any other Windows-emulation layer.
No, but if you're worried...
Another thing to do is disable clients' ability to connect to outgoing ports TCP 137, 139 and 445, and UDP 137, 138 to WAN on your router.
This way you prevent your PCs connecting to non-LAN SMB servers. You should also use Windows firewall to prevent public / private SMB and allow domain-only communication for your subnet ranges if you can.
Finally, install the update and disable SMB 1.0 if possible. You shouldn't have anything to worry about if you do this.