{"id":10634,"date":"2022-04-18T15:49:16","date_gmt":"2022-04-18T12:49:16","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10634"},"modified":"2022-04-18T15:49:16","modified_gmt":"2022-04-18T12:49:16","slug":"black-cat-ransomware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/black-cat-ransomware\/10634\/","title":{"rendered":"BlackCat: a new player joins the ransomware scene"},"content":{"rendered":"<p>No market tolerates a vacuum, and that holds for ransomware too. After the BlackMatter and REvil gangs ceased operations, it was only a matter of time before new players emerged. Here is one of them: last December, advertisements for the services of the ALPHV group, also known as BlackCat, appeared on hacker forums. After several incidents, our Global Research and Analysis Team (GReAT) experts decided to study this group's activities closely and publish a comprehensive report <a href=\"https:\/\/securelist.com\/a-bad-luck-blackcat\/106254\/\" target=\"_blank\" rel=\"noopener\">on the Securelist website<\/a>.<\/p>\n<p>In the advertisements, the attackers claimed to have studied the mistakes and problems of their predecessors and released an improved version of the malware. However, there are signs that their ties to the BlackMatter and REvil groups are much closer than they try to show.<\/p>\n<h2>Who is the BlackCat gang, and what tools does it use?<\/h2>\n<p>The developers of the BlackCat ransomware offer their services under the Ransomware-as-a-Service (RaaS) model. 
In other words, they give other attackers access to their infrastructure and malicious code, and in return take a share of the ransom. In addition, members of the BlackCat gang are probably also responsible for negotiating with victims. So the only thing their \u201cfranchisees\u201d have to do themselves is gain access to the corporate environment. This \u201call-inclusive\u201d principle is why BlackCat gained momentum so quickly. Its malware is already being used to attack companies worldwide.<\/p>\n<p>BlackCat has several offerings. The first is the encryptor of the same name. Because the encryptor is written in Rust, the attackers managed to create a cross-platform tool, with versions of the malware that run in both Windows and Linux environments.<\/p>\n<p>The second is the Fendr utility, which is used to exfiltrate data from the infected infrastructure. The use of Fendr suggests that BlackCat may be a rebranding of the BlackMatter group. 
That is because, as far as is known, BlackMatter was the only gang to use this tool, which is also known as ExMatter.<\/p>\n<p>BlackCat also uses the PsExec tool for lateral movement in the victim's network, the well-known hacker software Mimikatz, and Nirsoft software to extract network passwords.<\/p>\n<p>You can find more technical information about BlackCat's methods and tools, as well as indicators of compromise, in <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/anti-ransomware-strategy\/10615\/\" target=\"_blank\" rel=\"noopener\">this Securelist blog post<\/a>.<\/p>\n<h2>Who are BlackCat's victims?<\/h2>\n<p>Among BlackCat ransomware incidents, our experts observed at least one attack on a South American industrial company involved in oil, gas, mining and construction. They also saw the malware infect several clients of an enterprise resource planning provider located in the Middle East.<\/p>\n<p>One of the most disturbing facts is the evolution of Fendr. The tool can now automatically download a wider range of files than in earlier BlackMatter group attacks. The cybercriminals recently added the ability to find files with the following extensions: .sqlite, .catproduct, .rdp, .accdb, .catpart, .catdrawing, .3ds, .dwt and .dxf. Files of these types are associated with industrial design applications and remote access tools. 
This may indicate that the malware developers are targeting industrial environments.<\/p>\n<h2>Ways to protect yourself<\/h2>\n<p>To keep your company from losing important information, we recommend first protecting all corporate devices <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">with reliable security solutions<\/a>, and regularly <a href=\"https:\/\/k-asap.com\/tr\/?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______&amp;utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=tr_wpplaceholder_nv0092&amp;utm_content=link&amp;utm_term=tr_kdaily_organic_avmwswubv8qh92b\" target=\"_blank\" rel=\"noopener\">training your employees in the basics of information security<\/a>.<\/p>\n<p>With the unstoppable rise of ransomware-as-a-service, it is more important than ever for companies to be prepared for incidents and to have a multilayered <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/anti-ransomware-strategy\/10615\/\" target=\"_blank\" rel=\"noopener\">ransomware prevention strategy<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our experts investigated the activities of the BlackCat ransomware gang and examined the tools 
it uses.<\/p>\n","protected":false},"author":2581,"featured_media":10635,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2022,935],"class_list":{"0":"post-10634","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-fidye-yazilim","10":"tag-sifreleyiciler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/black-cat-ransomware\/10634\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/black-cat-ransomware\/24055\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/black-cat-ransomware\/19541\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/black-cat-ransomware\/26379\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/black-cat-ransomware\/24326\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/black-cat-ransomware\/24673\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/black-cat-ransomware\/27085\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/black-cat-ransomware\/33086\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/black-cat-ransomware\/44120\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/black-cat-ransomware\/18784\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/black-cat-ransomware\/19314\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/black-cat-ransomware\/28475\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/black-cat-ransomware\/24954\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/black-cat-ransomware\/30406\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/black-cat-ransomware\/30174\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/fidye-yaz
ilim\/","name":"fidye yaz\u0131l\u0131m"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10634"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10634\/revisions"}],"predecessor-version":[{"id":10636,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10634\/revisions\/10636"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10635"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}