Is my Red Hat product affected by WannaCrypt/WannaCry, Petya/NotPetya, or Bad Rabbit ransomware?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Products

Issue

  • I'm concerned that my Red Hat product is affected by the recent ransomware, specifically Bad Rabbit, WannaCrypt and Petya (also called NotPetya).
  • Should I worry about these ransomware campaigns?
  • Is Red Hat Enterprise Linux vulnerable to the Bad Rabbit, WannaCrypt and NotPetya ransomware?
  • I've read about ransomware attacks on The Register here, here and here; what do I need to know?

Resolution

  • Red Hat products are not impacted by these issues.

Root Cause

  • Bad Rabbit is ransomware that uses a fake Adobe Flash installer, followed by a brute-force password-guessing attack on SMB shares.
  • WannaCrypt and NotPetya are ransomware campaigns that exploit an SMBv1 flaw present in some legacy operating systems.
  • More details about the Bad Rabbit ransomware can be found on the Microsoft Support Website.
  • More details about the WannaCrypt ransomware can be found on the Microsoft Support Website.
  • More details about the Petya/NotPetya ransomware can be found on the Microsoft blog.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

2 Comments

Except if your RHEL 5/6 machine is running as a critical CIFS client, then it is most certainly seriously impacted. I have an SFTP server that mounts Windows CIFS shares. I can only use SMBv1 because that's all RHEL 5 or 6 will EVER support. And SMBv1 is what's being patched. Meaning not available. I am having to scramble to get a RHEL 7 image approved, hardened, and built to avoid a significant Red Hat-inflicted denial of service - which still may happen soon.

According to Red Hat - SMBv2 or 3 will never be implemented on RHEL 5 or RHEL 6. Thanks a bunch for that. Here's where they've known this since March. https://access.redhat.com/solutions/1178753

WannaCry/Petya-related issues in SMB1 are Windows-specific implementation issues. They aren't relevant to the Samba implementation of SMB protocols.

An issue of SMB1 protocol interoperability with RHEL 5 or RHEL 6 systems is not related to WannaCry/Petya or other SMB1 issues. While Microsoft would like to have SMB1 protocol completely disabled, they do realize other vendors, including Red Hat, have their own product schedule and plans. It is always a decision of a customer whether to apply certain vendor suggestions in their environment, if ever possible.

Please see a recent talk Ned Pyle (Microsoft) gave on Microsoft's SMB1 protocol removal plans: https://interopevents.com/uploads/938981-Ned%20wasn%E2%80%99t%20kidding2-lite.pdf

While Red Hat currently has no plans to support SMB2 protocol in Red Hat Enterprise Linux releases in Production Phase 3 or beyond, I'd encourage you to work with your Red Hat representatives or Red Hat Support to get your requirements and needs addressed via official support channels within the context of your support agreements.
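
The interoperability concern raised in the comments (a Linux CIFS client that only speaks SMB1 while the Windows side disables it) can be inventoried from the mount table. The script below is an added example, not part of the original article or comments and not Red Hat code. It assumes the running kernel reports the dialect as a `vers=` option in `/proc/mounts` and treats CIFS mounts that show no `vers=` as needing a manual check; the host names and paths in the sample are constructed.

```shell
#!/bin/sh
# Added example: list CIFS mounts that depend on SMB1.
# Input: mount-table text in /proc/mounts format
#        (file path, "-" for stdin, default /proc/mounts).
# Output: one line per flagged mount: "<mountpoint> <source> <reason>".
cifs_smb1_mounts() {
    awk '
    $3 == "cifs" {
        vers = ""
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^vers=/) vers = substr(opts[i], 6)
        if (vers == "1.0")
            print $2, $1, "SMB1"
        else if (vers == "")
            # Assumption: no vers= shown means a kernel that does not
            # report the dialect; flag it for a manual check.
            print $2, $1, "unreported"
    }' "${1:-/proc/mounts}"
}

# Constructed sample mount table (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
//fs01.example.test/inbound /srv/sftp/inbound cifs rw,relatime,vers=1.0,cache=strict,username=svc 0 0
//fs02.example.test/archive /srv/sftp/archive cifs rw,relatime,vers=3.0,cache=strict,username=svc 0 0
//fs03.example.test/legacy /srv/sftp/legacy cifs rw,relatime,username=svc 0 0
EOF
}

# Demo on the constructed sample; call cifs_smb1_mounts with no
# argument to audit the live mount table instead.
sample_mounts | cifs_smb1_mounts -
```

Mounts reported as `SMB1` or `unreported` are the ones to plan around before SMB1 is turned off on the file servers they connect to.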