[Samba] Does WannaCry Ransmonware affect Samba?
Sven Schwedas
sven.schwedas at tao.at
Thu May 18 12:47:14 UTC 2017
On 2017-05-18 14:11, lingpanda101 via samba wrote:
> Hello,
>
> Up till today I have only heard that it affects Windows clients and
> Servers. However I received this today that sparked my question
>
> https://ics-cert.us-cert.gov/sites/default/files/FactSheets/ICS-CERT_FactSheet_WannaCry_Ransomware.pdf
>
>
> This suggests blocking port 445 for Samba specifically.
Probably a typo/misunderstanding. 445 is for all SMB implementations.
> First wouldn't> blocking port 445 break all file and printer sharing functionality?
>
> Second isn't this port needed even by Windows for SMB? I'm confused.
> Thanks.
Yes to both. That's what the slight understatement "may cause
disruptions on systems that require port 445" means.
Samba in itself is not vulnerable to ETERNALBLUE, so it cannot be
infected by WannaCry.
However, vulnerable clients with write access to Samba shares can still
encrypt files on Samba shares and render them useless, so you should
still make sure you can detect ransomware attacks and make sure your
backups work.
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167
More information about the samba
mailing list