Skip to main content

Linux Gets Its Own Wannacry-like Variant

By July 25, 2017March 1st, 2023Technology News

If you thought we’d seen the last of the Wannacry ransomware, think again. Recently, a new threat has been discovered that targets Linux users.

It should be noted up front that “SambaCry” is not a variant strain of the aforementioned ransomware, but rather, a security flaw in Linux that mirrors the one Wannacry used to exploit Windows-based systems. The vulnerability, officially named CVE-2017-7494. was dubbed SambaCry because of those similarities.

Normally, Linux users avoid the kinds of security issues that plague Windows-based machines, but this is a bit of a different case, and here’s why:

There’s a Linux service called Samba Server Service which provides SMB/CIFS capabilities in Linux and Unix-based systems. While it’s true that Linux can use any number of file sharing protocols, Samba is often used in environments featuring a mix of Linux and Windows PCs, because Windows PCs have a hard time dealing with Network File System Shares coming from machines running other OS’s.

When a Linux server is running Samba, some folders (called CIFS Shares) will appear as a network folder to Windows users.

The security flaw allowed a remote user to send executable code to the server hosting the share, including code which could encrypt a file system and hold it for ransom.

As you might expect, the Linux crowd treated this as a top priority and has already moved to patch the flaw.

The long and the short of it is simply that if you’re running a Linux server and using Samba, you’re probably vulnerable unless you’ve downloaded and applied the latest security patch. If you haven’t, you should do so immediately.

While Linux users have been fortunate to have suffered relatively fewer critical security flaws, this is a painful reminder that as good as the OS is, it’s not bullet proof.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.