{"id":10120,"date":"2021-10-06T12:25:08","date_gmt":"2021-10-06T09:25:08","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10120"},"modified":"2024-11-08T17:32:46","modified_gmt":"2024-11-08T14:32:46","slug":"ransomware-protection-test-2021","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/ransomware-protection-test-2021\/10120\/","title":{"rendered":"How effective are security solutions against ransomware?"},"content":{"rendered":"<p>Nearly every information security vendor claims that its products stop ransomware attacks. The claim is true: all of them provide some degree of protection against ransomware. But how strong is that protection? How effective are the technologies behind it?<\/p>\n<p>These are not idle questions: partial protection against ransomware is a dubious achievement. If a solution cannot even stop a threat as it progresses, how can it guarantee that it has at least kept critical files safe?<\/p>\n<p>With that in mind, the independent company AV-Test pitted 11 endpoint protection platform products against 113 different attacks to determine how well they actually protect users. 
AV-Test selected <a href=\"https:\/\/www.kaspersky.com.tr\/security-cloud?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_post____ksc___\" target=\"_blank\" rel=\"noopener\">Kaspersky Endpoint Security Cloud<\/a> for the test, and our product performed flawlessly from start to finish. The tests used three scenarios:<\/p>\n<h2>Protecting user files against prevalent ransomware<\/h2>\n<p>The first test scenario simulated the most typical ransomware attack: malware is run on the victim's computer and tries to access local files. A positive result meant that the threat was neutralized (that is, all malware files were deleted, process execution was stopped, and attempts to gain a foothold in the system were blocked) and that every single user file remained unencrypted and accessible. 
In this scenario, AV-Test carried out a total of 85 tests with the following 20 ransomware families: conti, darkside, fonix, limbozar, lockbit, makop, maze, medusa (ako), mountlocker, nefilim, netwalker (aka mailto), phobos, PYSA (aka mespinoza), Ragnar Locker, ransomexx (aka defray777), revil (aka Sodinokibi or Sodin), ryuk, snatch, stop, and wastedlocker.<\/p>\n<p>Nearly every security solution did an excellent job in this scenario, which is hardly surprising given that the test used well-known malware families. The next scenarios were harder.<\/p>\n<h2>Protection against remote encryption<\/h2>\n<p>In the second scenario, the protected machine held files that were accessible over the local network, and the attack was carried out from another computer on the same network (that computer had no security solution, which left the attackers free to run the malware, encrypt local files, and then search neighboring hosts for accessible information). 
The malware families used in this test were: avaddon, conti, fonix, limbozar, lockbit, makop, maze, medusa (ako), nefilim, phobos, Ragnar Locker, Ransomexx (aka defray777), revil (aka Sodinokibi or Sodin), and ryuk.<\/p>\n<p>A security solution that saw a system process modifying local files but could not observe the malware being launched was unable to check the reputation of the malicious process or of the file that started it, or to scan that file. As it turned out, only three of the 11 solutions tested offered any protection against this type of attack, and only Kaspersky Endpoint Security Cloud handled it perfectly. Moreover, although the Sophos product was triggered in 93% of cases, it fully protected user files in only 7% of them.<\/p>\n<h2>Protection against proof-of-concept ransomware<\/h2>\n<p>The third scenario tested how the products would cope with malware that they could not possibly have encountered before and that could not, even hypothetically, be present in malware databases. 
Because a security solution can detect a still-unknown threat only through proactive technologies that respond to the malware's behavior, the researchers created 14 new ransomware samples that use methods and technologies cybercriminals rarely employ, as well as some original, never-before-seen encryption techniques. As in the first scenario, they defined a successful result as detecting and blocking the threat, including preserving the integrity of all files on the victim's machine and completely removing all traces of the threat from the computer.<\/p>\n<p>The results varied: some products (ESET and Webroot) did not detect the custom-made malware at all, while others performed better (WatchGuard 86%, TrendMicro 64%, McAfee and Microsoft 50%). 
The only solution to achieve 100% was Kaspersky Endpoint Security Cloud.<\/p>\n<h2>Test results<\/h2>\n<p>In summary, Kaspersky Endpoint Security Cloud outperformed its competitors in all of the AV-Test scenarios, protecting users against both known and newly created threats.<\/p>\n<div id=\"attachment_10122\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-10122\" class=\"wp-image-10122 size-large\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2021\/10\/06120917\/ransomware-protection-test-2021-results-1024x544.jpg\" alt=\"\" width=\"1024\" height=\"544\"><p id=\"caption-attachment-10122\" class=\"wp-caption-text\">Aggregate results for all three test scenarios.<\/p><\/div>\n<p>Incidentally, the second scenario revealed another rather unexpected fact: most of the products that failed to protect user files nevertheless removed the ransom note files. 
Failure aside, this is not good practice; such files can contain technical information that may help incident investigators recover the data.<\/p>\n<p>After filling out the form below, you can download the full report, with a detailed description of the malware used in the test (both known and created by the testers).<\/p>\n<p><script data-b24-form=\"inline\/1370\/bqfz5l\" data-skip-moving=\"true\">(function(w,d,u){var s=d.createElement('script');s.async=true;s.src=u+'?'+(Date.now()\/180000|0);var h=d.getElementsByTagName('script')[0];h.parentNode.insertBefore(s,h);})(window,document,'https:\/\/cdn.bitrix24.eu\/b30707545\/crm\/form\/loader_1370.js');<\/script><script src=\"https:\/\/storage.yandexcloud.net\/kasperskyform\/validator.js\"><\/script><script>\n          initBxFormValidator({\n              formId: \"inline\/1370\/bqfz5l\",\n              emailFieldName: 'CONTACT_EMAIL',\n              naturalFieldNames: [ 'CONTACT_UF_CRM_NODES' ],\n              lengthRestrictedFieldNames: { CONTACT_EMAIL: 250, CONTACT_POST: 128, CONTACT_NAME: 50, CONTACT_UF_CRM_COMPANY: 255, CONTACT_UF_CRM_COMPANY_TAX_ID: 50, CONTACT_UF_CRM_PRODUCT_INTEREST: 255, CONTACT_UF_CRM_FORM_QUESTION_2: 255, CONTACT_UF_CRM_FORM_QUESTION_3: 255, CONTACT_UF_CRM_FORM_QUESTION_5: 255 },\n              redirectUrl: 'https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2021\/10\/04173946\/AV-TEST_Kaspersky_Ransomware_Test_September_2021_EN.pdf'\n          })\n      <\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>11 advanced security solutions are tested against the latest ransomware threats. 
<\/p>\n","protected":false},"author":2706,"featured_media":10121,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[865,591,2362,575],"class_list":{"0":"post-10120","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-av-test","10":"tag-fidye-yazilimi","11":"tag-para-sizdirma","12":"tag-testler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/ransomware-protection-test-2021\/10120\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/ransomware-protection-test-2021\/23466\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/ransomware-protection-test-2021\/18939\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/ransomware-protection-test-2021\/9457\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ransomware-protection-test-2021\/25531\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ransomware-protection-test-2021\/23606\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/ransomware-protection-test-2021\/23024\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ransomware-protection-test-2021\/26176\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ransomware-protection-test-2021\/25724\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ransomware-protection-test-2021\/31649\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ransomware-protection-test-2021\/42324\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/ransomware-protection-test-2021\/17838\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/ransomware-protection-test-2021\/18224\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/ransomware-protection-test-2021\/15385\/"},{"href
lang":"de","url":"https:\/\/www.kaspersky.de\/blog\/ransomware-protection-test-2021\/27524\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ransomware-protection-test-2021\/31762\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/ransomware-protection-test-2021\/27690\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ransomware-protection-test-2021\/24464\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ransomware-protection-test-2021\/29818\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ransomware-protection-test-2021\/29617\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/fidye-yazilimi\/","name":"Fidye Yaz\u0131l\u0131m\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10120"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10120\/revisions"}],"predecessor-version":[{"id":12914,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10120\/revisions\/12914"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10121"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?
post=10120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}