{"id":10541,"date":"2022-03-02T14:22:57","date_gmt":"2022-03-02T11:22:57","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10541"},"modified":"2022-05-05T14:25:09","modified_gmt":"2022-05-05T11:25:09","slug":"hermeticransom-hermeticwiper-attacks-2022","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/hermeticransom-hermeticwiper-attacks-2022\/10541\/","title":{"rendered":"Ransomware used as a distraction"},"content":{"rendered":"<p>Our researchers analyzed the HermeticRansom malware, also known as Elections GoRansom. Taken as a whole, it is a fairly simple cryptor. What makes the case interesting is the purpose for which the attackers used it.<\/p>\n<h2>HermeticRansom\u2019s goals<\/h2>\n<p>HermeticRansom attacked computers at the same time as another piece of malware known as HermeticWiper, and according to publicly available information from the security community, it was used in the recent cyberattacks in Ukraine. 
According to our experts, HermeticRansom\u2019s relative simplicity and the suspicious workflow in the malware\u2019s implementation indicate that it was used as a smokescreen to divert attention in the HermeticWiper attacks.<\/p>\n<h2>What HermeticRansom can do<\/h2>\n<p>After infecting the victim\u2019s computer, the malware first identifies the hard drives and builds a list of all directories and files except those in the Windows and Program Files folders. It then encrypts certain categories of files and renames them by appending the .encrypted tag and the ransomware operators\u2019 e-mail address. The malware also creates a read_me.html file in the Desktop folder that contains a ransom note with the attackers\u2019 contact details. The note looks like this:<\/p>\n<div id=\"attachment_10542\" style=\"width: 983px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-10542\" class=\"wp-image-10542 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2022\/03\/02141637\/hermeticransom-hermeticwiper-attacks-2022-featured-ransom-note.png\" alt=\"\" width=\"973\" height=\"469\"><p id=\"caption-attachment-10542\" class=\"wp-caption-text\">HermeticRansom encrypts files with the following extensions: .inf, .acl, .avi, .bat, .bmp, .cab, .cfg, .chm, .cmd, .com, .crt, .css, .dat, .dip, .dll, .doc, .dot, .exe, .gif, .htm, .ico, .iso, .jpg, .mp3, .msi and .odt.<\/p><\/div>\n<p>\u00a0<\/p>\n<h2>HermeticRansom\u2019s features<\/h2>\n<p>HermeticRansom is written in Golang. It does not use any obfuscation mechanism, and the encryption method it uses is rather cumbersome and inefficient. Based on these and some other signs, our experts believe that this malware was created in a hurry.<\/p>\n<p>A more detailed technical analysis of the malware, together with indicators of compromise, is available on <a href=\"https:\/\/securelist.com\/elections-goransom-and-hermeticwiper-attack\/105960\/\" target=\"_blank\" rel=\"noopener\">our Securelist blog<\/a>.<\/p>\n<h2>How to protect yourself<\/h2>\n<p>Kaspersky Lab security solutions successfully detect the HermeticRansom malware and similar threats. We have a variety of tools for protecting both home computers and corporate infrastructure. 
For example:<\/p>\n<ul>\n<li>Our multi-platform security solution for home users, <a href=\"https:\/\/www.kaspersky.com.tr\/internet-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kismd___\" target=\"_blank\" rel=\"noopener\">Kaspersky Internet Security<\/a>;<\/li>\n<li>Our <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security\/cloud?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kescloud___\" target=\"_blank\" rel=\"noopener\">Kaspersky Endpoint Security Cloud<\/a> solution for business protection;<\/li>\n<li>Our free corporate solution, which can work as an additional layer of protection alongside products from other vendors, <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/kaspersky-anti-ransomware-tool-for-business\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=tr_KB_nv0092&amp;utm_content=link&amp;utm_term=tr_kdaily_organic_cdw92oxvuhcab46\" target=\"_blank\" rel=\"noopener\">Kaspersky Anti-Ransomware Tool<\/a>.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kartb2b\">\n","protected":false},"excerpt":{"rendered":"<p>The HermeticRansom cryptor was used as a distraction to support the HermeticWiper attacks.<\/p>\n","protected":false},"author":2706,"featured_media":10543,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194,1727,1351],"tags":[591,2538,2539,935,2398],"class_list":{"0":"post-10541","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"category-smb","10":"category-threats","11":"tag-fidye-yazilimi","12":"tag-hermeticransom","13":"tag-hermeticwiper","14":"tag-sifreleyiciler","15":"tag-silici-yazilimlar"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/hermeticransom-hermeticwiper-attacks-2022\/10541\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/hermeticransom-hermeticwiper-attacks-2022\/23946\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/hermeticransom-hermeticwiper-attacks-2022\/19430\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/hermeticransom-hermeticwiper-attacks-2022\/9767\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/hermeticransom-hermeticwiper-attacks-2022\/26207\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/hermeticransom-hermeticwiper-attacks-2022\/24170\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/hermeticransom-hermeticwiper-attacks-2022\/23979\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/hermeticransom-hermeticwiper-attacks-2022\/26955\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/hermeticransom-hermeticwiper-attacks-2022\/26497\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/hermeticransom-hermeticwiper-attacks-2022\/32452\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hermeticransom-hermeticwiper-attacks-2022\/43825\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/hermeticransom-hermeti
cwiper-attacks-2022\/18590\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/hermeticransom-hermeticwiper-attacks-2022\/19047\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/hermeticransom-hermeticwiper-attacks-2022\/15827\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/hermeticransom-hermeticwiper-attacks-2022\/28234\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/hermeticransom-hermeticwiper-attacks-2022\/28141\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/hermeticransom-hermeticwiper-attacks-2022\/24851\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hermeticransom-hermeticwiper-attacks-2022\/30289\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hermeticransom-hermeticwiper-attacks-2022\/30065\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/fidye-yazilimi\/","name":"Fidye Yaz\u0131l\u0131m\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10541","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10541"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10541\/revisions"}],"predecessor-version":[{"id":10544,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10541\/revisions\/10544"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10543"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10541"}],"wp:term":[{"taxonomy":"category"
,"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}