{"id":2277,"date":"2016-07-26T03:18:35","date_gmt":"2016-07-26T07:18:35","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=2277"},"modified":"2019-11-15T14:59:13","modified_gmt":"2019-11-15T11:59:13","slug":"shade-decryptor","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/shade-decryptor\/2277\/","title":{"rendered":"No More Ransom"},"content":{"rendered":"

Ge\u00e7ti\u011fimiz y\u0131l, Hollanda Emniyet Te\u015fkilat\u0131 ile NoRansom<\/a> internet sitesi i\u00e7in g\u00fc\u00e7lerimizi birle\u015ftirdik. Bu site, CoinVault fidye yaz\u0131l\u0131m\u0131ndan zarar g\u00f6rm\u00fc\u015f insanlara verilerini geri almalar\u0131 i\u00e7in yard\u0131m ediyor. Daha sonra bu internet sitesine TeslaCrypt, CryptXXX ve bunun gibi ba\u015fka \u015fifreleme yaz\u0131l\u0131mlar\u0131ndan zarar g\u00f6rm\u00fc\u015f dosyalar\u0131 \u00e7\u00f6zmesi i\u00e7in kullan\u0131lan di\u011fer \u00fccretsiz ara\u00e7lar\u0131 ekledik. <\/p>\n

Bug\u00fcn, fidye yaz\u0131l\u0131m\u0131na kar\u015f\u0131 verdi\u011fimiz sava\u015fta \u00e7ok b\u00fcy\u00fck bir ad\u0131m at\u0131yoruz. Hollanda Polisi, Europol ve Intel Security ile birlikte NoMoreRansom.org<\/a>\u2018u yapt\u0131k. Bu internet sitesine bulunabilecek b\u00fct\u00fcn \u015fifre \u00e7\u00f6z\u00fcc\u00fcleri toplayaca\u011f\u0131m\u0131z bir yer olacak.<\/p>\n

Shade fidye yaz\u0131l\u0131m\u0131<\/a>ndan etkilenenlerin dosyalar\u0131n\u0131 kurtaracak \u00e7\u00f6z\u00fcm\u00fcn\u00fc siteye y\u00fckleyerek ba\u015fl\u0131yoruz. Di\u011ferleri gibi, bu hizmet de \u00fccretsiz. <\/p>\n

Shade<\/strong>
\nShade, 2015 y\u0131l\u0131n\u0131n ba\u015flar\u0131nda ke\u015ffedilmi\u015f bir fidye vir\u00fcs\u00fc. Shade trojan\u0131 ilk olarak zararl\u0131 spamlar ya da exploit kits<\/a> kullan\u0131r. \u0130kinci ad\u0131m\u0131 \u00e7ok daha tehlikelidir \u00e7\u00fcnk\u00fc kullan\u0131c\u0131lar\u0131n zarar g\u00f6rm\u00fc\u015f internet sitesine bir defa girmeleri dosyalar\u0131n \u015fifrelenmesi i\u00e7in yeterlidir.<\/p>\n

Fidye yaz\u0131l\u0131m\u0131 kurban\u0131n sistemine girdi\u011finde, trojan \u015fifreyi \u00e7\u00f6zmek i\u00e7in su\u00e7lular\u0131n Y\u00f6netim ve Kontrol (C&C) sunucular\u0131ndaki anahtar\u0131 istiyor. Sunucu eri\u015filemez olursa, alternatif olarak g\u00f6m\u00fcl\u00fc bir anahtar kullan\u0131yor. Bu olay \u015fu anlama geliyor, bilgisayar\u0131n interneti kesilse bile, \u015fifreleme fonksiyonlar\u0131 tamamen sistemin i\u00e7inde oluyor. <\/p>\n

Daha sonra fidye yaz\u0131l\u0131m\u0131 dosyalar\u0131 \u015fifrelemeye ba\u015fl\u0131yor. Microsoft Office dosyalar\u0131, foto\u011fraflar ve ar\u015fivler dahil 150\u2019den fazla formattaki dosyay\u0131 etkiliyor. Shade \u015fifrelerken dosya isimlerine xtbl ya da .ytbl eklentileri ekliyor. \u015eifreleme tamamland\u0131ktan sonra, fidye notu ekranda beliriyor. <\/p>\n

\"shade-ransom-demand\"<\/p>\n

B\u00fct\u00fcn bunlar yeterince k\u00f6t\u00fc de\u011filmi\u015f gibi, fidye yaz\u0131l\u0131m\u0131 sald\u0131r\u0131ya devam ediyor: kurban panik i\u00e7inde bunu \u00e7\u00f6zecek \u015fifre \u00e7\u00f6z\u00fcc\u00fc ararken \u2013 ya da fidyeyi \u00f6demeye haz\u0131rlan\u0131rken \u2013 Shade bilgisayara di\u011fer zararl\u0131 ve tehlikeli yaz\u0131l\u0131mlar\u0131 y\u00fckleyerek bilgisayar\u0131 me\u015fgul ediyor.<\/p>\n

\u00dccretsiz \u015fifre \u00e7\u00f6z\u00fcc\u00fc <\/strong>
\nE\u011fer Shade\u2019in kurban\u0131 olacak kadar \u015fanss\u0131zsan\u0131z, sizin i\u00e7in iyi bir haberimiz var: Dosyalar\u0131n\u0131z\u0131n \u015fifresini \u00e7\u00f6zmek i\u00e7in fidye \u00f6demenize gerek yok. Yapman\u0131z gerekenler:<\/p>\n

1. Buraya t\u0131klay\u0131n<\/a>. <\/p>\n

2. A\u015fa\u011f\u0131 inip ShadeDecryptor\u2019u bulun. Intel Security ya da Kaspersky Lab taraf\u0131ndan geli\u015ftirilmi\u015f \u015fifre \u00e7\u00f6z\u00fcc\u00fclerden birini indirin. Yaz\u0131n\u0131n geri kalan\u0131nda bulunan \u015fifre \u00e7\u00f6z\u00fcc\u00fc kullanma klavuzu Kaspersky\u2019nin geli\u015ftirdi\u011fi uygulamaya g\u00f6re haz\u0131rlanm\u0131\u015ft\u0131r. <\/p>\n

3. \u0130ndirdi\u011finiz dosya olan ShadeDecryptor.zip\u2019i \u00e7\u0131kart\u0131n.<\/p>\n

4. ShadeDecryptor.exe.<\/strong> dosyas\u0131n\u0131 \u00e7al\u0131\u015ft\u0131r\u0131n.<\/p>\n

5. Kaspersky ShadeDecryptor ekran\u0131nda, Change Parameters (Parametleri De\u011fi\u015ftir)<\/strong>\u2018e bas\u0131n.<\/p>\n

\"kaspersky-shade-decryptor-1\"<\/p>\n

6. \u015eifrelenmi\u015f dosyalar\u0131 hangi s\u00fcr\u00fcc\u00fclerde aramak istedi\u011finizi se\u00e7in. <\/p>\n

7. Ayn\u0131 ekrandan isterseniz \u201d Delete crypted files after decryption (\u015eifrelenmi\u015f dosyalar\u0131 \u00e7\u00f6zd\u00fckten sonra sil)\u201d se\u00e7ene\u011fini se\u00e7ebilirsiniz, ama dosyalar\u0131n\u0131z\u0131n %100 \u00e7\u00f6z\u00fcld\u00fc\u011f\u00fcne emin olmadan bunu yapman\u0131z\u0131 \u00f6nermiyoruz. <\/p>\n

\"kaspersky-shade-decryptor-2\"<\/p>\n

8. Ana ekrana d\u00f6nmek i\u00e7in \u201dOK\u201d se\u00e7ene\u011fine bas\u0131n, daha sonra Start scan (Taramay\u0131 ba\u015flat)<\/strong> se\u00e7ene\u011fine bas\u0131n. <\/p>\n

\"kaspersky-shade-decryptor-3\"<\/p>\n

9. \u201cSpecify the path to one of encrypted files (\u015eifrelenmi\u015f dosyalardan birini se\u00e7in)\u201d ekran\u0131nda, \u015fifrelenmi\u015f dosyalar\u0131n\u0131zdan birini se\u00e7in ve \u201dOpen (A\u00e7)\u201d se\u00e7ene\u011fine bas\u0131n. <\/p>\n

10. E\u011fer uygulama otomatik olarak kurban\u0131n ID\u2019sini bulamad\u0131\u011f\u0131n\u0131 s\u00f6ylerse, readme.txt <\/strong>dosyas\u0131ndan ID sorgulamas\u0131 yapabilirsiniz. <\/p>\n

Dosyalar\u0131n\u0131z \u00e7\u00f6z\u00fcld\u00fc. Harcamad\u0131\u011f\u0131n\u0131z paralar\u0131n tad\u0131n\u0131 \u00e7\u0131kart\u0131n! Ve kendinizi gelecekte kar\u015f\u0131la\u015fabilece\u011finiz fidye yaz\u0131l\u0131mlar\u0131na kar\u015f\u0131 koruyun, Kaspersky Internet Security<\/a> gibi g\u00fc\u00e7l\u00fc bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc kullan\u0131n. Fidye yaz\u0131l\u0131mlar\u0131 hakk\u0131nda daha detayl\u0131 bilgi i\u00e7in \u015furadan<\/a> yararlanabilirsiniz.<\/p>\n","protected":false},"excerpt":{"rendered":"

Ge\u00e7ti\u011fimiz y\u0131l, Hollanda Emniyet Te\u015fkilat\u0131 ile NoRansom internet sitesi i\u00e7in g\u00fc\u00e7lerimizi birle\u015ftirdik. Bu site, CoinVault fidye yaz\u0131l\u0131m\u0131ndan zarar g\u00f6rm\u00fc\u015f insanlara verilerini geri almalar\u0131 i\u00e7in yard\u0131m ediyor. Daha sonra bu internet<\/p>\n","protected":false},"author":421,"featured_media":2278,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1284,1351],"tags":[922,923,927,925,926,928,828,921,241,924],"class_list":{"0":"post-2277","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"category-threats","9":"tag-cryptors","10":"tag-decryptors","11":"tag-fide-yazilimi","12":"tag-kullanma-klavuzu","13":"tag-nomoreransom","14":"tag-shade","15":"tag-sifre-cozucu","16":"tag-sifreleyici","17":"tag-trojan","18":"tag-ucretsiz-araclar"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/shade-decryptor\/2277\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/shade-decryptor\/7441\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/shade-decryptor\/7470\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/shade-decryptor\/7427\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/shade-decryptor\/8770\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/shade-decryptor\/8664\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/shade-decryptor\/12591\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/shade-decryptor\/12661\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/shade-decryptor\/5903\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/shade-decryptor\/6426\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/shade-decryptor\/8305\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/shade-decryptor\/12072\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/shade-decryptor\/12591\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/shade-decryptor\/12661\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/shade-decryptor\/12661\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/cryptors\/","name":"cryptors"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=2277"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2277\/revisions"}],"predecessor-version":[{"id":7168,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2277\/revisions\/7168"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/2278"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=2277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=2277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=2277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}