If you thought we’d seen the last of the Wannacry ransomware, think again. Recently, a new threat has been discovered that targets Linux users.
It should be noted up front that “SambaCry” is not a variant strain of the aforementioned ransomware, but rather, a security flaw in Linux that mirrors the one Wannacry used to exploit Windows-based systems. The vulnerability, officially named CVE-2017-7494. was dubbed SambaCry because of those similarities.
Normally, Linux users avoid the kinds of security issues that plague Windows-based machines, but this is a bit of a different case, and here’s why:
There’s a Linux service called Samba Server Service which provides SMB/CIFS capabilities in Linux and Unix-based systems. While it’s true that Linux can use any number of file sharing protocols, Samba is often used in environments featuring a mix of Linux and Windows PCs, because Windows PCs have a hard time dealing with Network File System Shares coming from machines running other OS’s.
When a Linux server is running Samba, some folders (called CIFS Shares) will appear as a network folder to Windows users.
The security flaw allowed a remote user to send executable code to the server hosting the share, including code which could encrypt a file system and hold it for ransom.
As you might expect, the Linux crowd treated this as a top priority and has already moved to patch the flaw.
The long and the short of it is simply that if you’re running a Linux server and using Samba, you’re probably vulnerable unless you’ve downloaded and applied the latest security patch. If you haven’t, you should do so immediately.
While Linux users have been fortunate to have suffered relatively fewer critical security flaws, this is a painful reminder that as good as the OS is, it’s not bullet proof.