Skip to main content
Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Dell EMC Unity, VNX: Dell EMC support response to the WannaCry virus on VNX and Unity NAS systems (User Correctable)

Summary: This articles should serve as a FAQ about the wannyCry virus on EMC products.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Symptoms



EMC vulnerability to the WannyCry virus

This vulnerability is exploiting CVE-2017-0147 (aka MS-017-010) which allows remote attackers to obtain sensitive information from process memory on SMBv1 server via a crafted packet.

Unity,  VNXe2 (KH+ 3200), VNXe1
This vulnerability is not exploitable in the Unity, VNXe2 (KH+ 3200), VNXe1. The SMB code on these platforms is proprietary and not vulnerable to this attack. 

VNXe2 (1600 bearcat)
This is block only storage, not vulnerable to this attack.

VNX2, VNX1
This vulnerability is not exploitable. The SMBv1 protocol is blocked and not accessible from external communications in the VNX Block system, SMB code on File/Unified is proprietary and not vulnerable to this attack. 

Resolution

What if I still need to disable SMBv1 to conform to my internal security standards?

VNX systems are not susceptible to WannaCry because they target Microsoft's SMBv1 server specifically.  Dell EMC implementations of SMBv1 are not affected.  If you want to prevent your Unified systems from creating user channels on SMBv1, you can set these parameters.

Please note these params are only available on VNX OE versions 7.1.77 and 8.1.9.155 and Unity OE version 4.1.1 and higher.
 
1. VNX and older products: From CS using the user nasadmin ssh session:

server_param ALL  f cifs  m smb1.disabled -v 1

2. Unity (versions 4.1.1 and higehr): root shell is required to set the parameter.  Please contact Dell EMC Technical Support or your Authorized Service Partner and quote this Knowledgebase ID.

PLEASE NOTE: THIS ONLY PREVENTS THE DATA MOVER FROM CREATING USER CHANNELS USING SMBv1.  The Data Mover will still use SMBv1 to establish secure channel communications with the Domain Controller.  If you want to completely stop using SMBv1, see the next section entitled, "What if I want to disable SMBv1 on the Domain Controllers."

What if I want to disable SMBv1 on the Domain Controllers?

Please do not disable SMBv1 on the Domain Controllers unless you are running a supported version of VNX OE or Unity OE:
  • VNX2 Systems: 8.1.9.211
  • Unity Systems: 4.1.1
  • VNX1 Systems: 7.1.80.710
On all versions prior to the ones listed, SMBv1 is required in order to perform secure channel setup with the Domain Controller.  Disabling SMBv1 at the Domain Controller level will cause an outage as your CIFS servers will no longer be able to negotiate secure channels with the DCs.

What if I want to block files with certain extensions from being written to the Data Mover?

You can use EMC File Extension Filtering to block these file extensions from being written:

*.wnry, *.wcry, *.wncry, and *.wncryt

Please note we can stop these extensions from being written, but this may not completely stop the virus.  Additionally, file filtering does not stop the renaming of files to these extensions, just the writing of new files with these extensions.

Please refer to the documentation which covers EMC File Extension Filtering for more information.

What happens if I find WannaCry files written on my VNX shares?  Does this mean my VNX has been infected?

The VNX and Unity systems are not susceptible to the WannaCry virus.  It is possible, however, for WannaCry to infect client machines.  If these client machines have mapped drives and have the proper write permissions, they can encrypt files on the NAS shares.

Please take precautions and checkpoint your filesystems.  Please refer to the documentation pages for your systems to learn how to enable checkpoints for your NAS filesystems.

Affected Products

VNX2 Series

Products

Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Hybrid, VNX1 Series, VNX2 Series
Article Properties
Article Number: 000057176
Article Type: Solution
Last Modified: 25 Sep 2024
Version:  3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.