Can WannaCry infect Linxu, and my website?

With all the attacks on the NHS and other large companies across the world, we wanted to update you on some of the details of what can be affected. 88% of the world currently uses Windows, this means that hackers have the best chance of making a profit attacking this system, Mac and the others take up the remaining 12% of the Operating Systems.

Most web servers use Linux, and since wannacry affects CVE-2017-0146 and CVE-2017-0147 which is the NSA leak exploit which was released by Shadow Broker almost 3 weeks ago, both of which are only Windows exploits. If someone is using ‘wine’ on Linux can also be affected but only within the ‘wine’ section of the system.

It takes advantage of an SMB exploit.

There are 2 paths that can help you protect yourself.

  1. Make this domain available to your environment. http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com The wannacry uses this to detect if the environment is running under analysis or not. This domain was a unregistered domain until researchers realized. They made it and purchased to domain to stop the spreading. On registering the ransomware thinks it is running under sandbox and hence stops
  2. Download the patch officially release by Microsoft. Following is the link.

WannaCry: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

SMB patch: https://technet.microsoft.com/library/security/MS17-010

Concluding: WannaCry is the ransomware affects only Windows systems.

Therefore if you’re on Windows Hosting you can be affected if they haven’t patched the server correct, if you have a VPS on Windows, make sure its fully updated to protect your data.

And always backup your files somewhere else

Find out more at https://solblu.uk

Leave a Reply