<h1>Ransomware techniques, tactics and procedures</h1>
<p>Published 2022-06-28 on the Kaspersky Daily blog (Turkish edition): <a href="https://www.kaspersky.com.tr/blog/ransomware-ttp-report/10801/">https://www.kaspersky.com.tr/blog/ransomware-ttp-report/10801/</a></p>
<p><em>Summary: An in-depth analysis of modern ransomware encryptors lets you fight ransomware by applying universal methods.</em></p>
<p>Kaspersky experts conducted an in-depth analysis of the tactics, techniques and procedures of the eight most frequently encountered ransomware groups: Conti/Ryuk, Pysa, Clop, Hive, Lockbit2.0, RagnarLocker, BlackByte and BlackCat. By comparing the methods and tools the attackers use at the different stages of an attack, they concluded that many groups operate according to more or less the same plan. This makes it possible to create effective universal measures that can protect company infrastructure from ransomware.</p>
<p>You can find the details of their work, and a detailed analysis of each technique with real-world examples, in the report <a href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/23093553/Common-TTPs-of-the-modern-ransomware_low-res.pdf">Common TTPs of Modern Ransomware Groups</a>. The report also includes rules for detecting malware in SIGMA format.</p>
<p>The report is aimed primarily at SOC analysts, Threat Hunting and Threat Intelligence specialists, and incident response and investigation experts. However, our researchers also compiled in the report the best practices against ransomware from various sources. We thought it would be useful to repeat on our blog the basic practical recommendations for protecting corporate infrastructure at the intrusion prevention stage.</p>
<h2>Intrusion prevention</h2>
<p>The ideal option is to stop a ransomware attack before it gets inside the corporate perimeter. The following measures help reduce the risk of intrusion:</p>
<p><strong>Filtering incoming traffic.</strong> Filtering policies should be applied on all edge devices such as routers, firewalls and IDS systems. Don't forget e-mail filtering against spam and phishing either. It would be wise to use a <a href="https://www.kaspersky.com.tr/enterprise-security/anti-targeted-attack-platform?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______" target="_blank" rel="noopener">sandbox</a> to verify e-mail attachments.</p>
<p><strong>Blocking malicious websites.</strong> Restrict access to known malicious websites. For this you can, for example, deploy intercepting proxy servers. You can use threat intelligence data feeds to keep your cyber-threat lists up to date.</p>
<p><strong>Using Deep Packet Inspection (DPI).</strong> Using a DPI-class solution at the gateway level lets you check traffic for malware.</p>
<p><strong>Blocking malicious code.</strong> Use signatures to block malware.</p>
<p><strong>RDP protection.</strong> Disable RDP wherever possible. If for some reason you cannot stop using it, put systems with an open RDP port (3389) behind a firewall and allow access to them only over VPN.</p>
<p><strong>Multi-factor authentication.</strong> Use multi-factor authentication, strong passwords and automatic account lockout policies at all remotely accessible points.</p>
<p><strong>Allowed connections list.</strong> Enforce an IP allow list using hardware firewalls.</p>
<p><strong>Fix known vulnerabilities.</strong> Install patches for vulnerabilities on remote access systems and on devices with a direct connection to the internet in a timely manner.</p>
<p>The <a href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/23093553/Common-TTPs-of-the-modern-ransomware_low-res.pdf">report</a> also contains practical recommendations on protection against the exploitation of vulnerabilities and against lateral movement, as well as advice on combating data leaks and on incident preparedness.</p>
<h2>Additional protection</h2>
<p>We have also updated our EDR solution to give organizations additional tools that can help cut off the attack's propagation path as quickly as possible and assist with incident investigation. The new version, aimed at organizations with mature IT security processes, is called Kaspersky Endpoint Detection and Response Expert. It can be deployed in the cloud or on premises. You can find more information about this solution's capabilities <a href="https://www.kaspersky.com.tr/enterprise-security/endpoint-detection-response-edr?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______" target="_blank" rel="noopener">here</a>.</p>