{"id":2298,"date":"2016-07-29T08:49:42","date_gmt":"2016-07-29T12:49:42","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=2298"},"modified":"2019-11-15T14:58:58","modified_gmt":"2019-11-15T11:58:58","slug":"ask-expert-yornt-ransomware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/ask-expert-yornt-ransomware\/2298\/","title":{"rendered":"Ask the expert: Jornt van der Wiel explains ransomware"},"content":{"rendered":"<p>Jornt van der Wiel is a member of GReAT (Global Research and Analysis Team) and our expert on ransomware and decryption. He lives in the Netherlands and has been working at Kaspersky Lab for more than 2 years.<\/p>\n<p>We gave our readers the chance to ask Jornt questions about ransomware and decryption, and the response was excellent. In fact, rather than answering all of them in one blog post, we split the questions into two groups. In this post Jornt answers the questions about ransomware; in the next one he will take on decryption.<\/p>\n<p><strong>Do you think ransomware will threaten us more in the future than Trojans and classic viruses?<\/strong><\/p>\n<p>Yes, definitely. We are seeing new families gain strength and new attempts to attack users. The danger grows every day. The reason it is growing this much is that making money is easier than with the others. 
The criminal carries out an attack, the victim pays, and once the payment is made the victim receives the key and opens the encrypted files. No further conversation or direction is needed. It works the exact opposite of malware. For example, in a malware attack the criminals usually have to get in touch with their victims.<\/p>\n<p><strong>How do I protect myself from ransomware?<\/strong><\/p>\n<ul>\n<li>Always have the latest updates installed;<\/li>\n<li>Do not click links in suspicious e-mails and do not download their attachments;<\/li>\n<li>Enable file extensions in Windows (that way you can see that the file name is invoice.pdf.exe rather than just invoice.pdf);<\/li>\n<li>Keep your <a href=\"http:\/\/kas.pr\/kdkistr\" target=\"_blank\" rel=\"noopener noreferrer\">anti-virus solution<\/a> up to date and its features turned on;<\/li>\n<li>And keep backups of your files in case things go wrong. Store the backups offline or in a cloud system (that way, even if the files on your computer are encrypted, you can still reach your unencrypted backups).<\/li>\n<\/ul>\n<p><strong>As an individual, am I more helpless against ransomware than companies are?<\/strong><\/p>\n<p>Ransomware targets everyone. Sometimes specific companies are chosen as targets, but mostly we see a massive spam run going around that targets everyone. 
On the other hand, large companies do not see paying for decryption as an option, because they already have backups of their files. Small companies are more inclined to pay the ransom, because keeping backups can be more expensive than paying the ransom.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">10 tips to protect your files from ransomware <a href=\"https:\/\/t.co\/o0IpUU9CHb\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/o0IpUU9CHb<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/iteducation?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#iteducation<\/a> <a href=\"https:\/\/t.co\/I47sPIiWFF\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/I47sPIiWFF<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/671348678607642624?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 30, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>In which cases can we open files encrypted by ransomware?<\/strong><\/p>\n<p>You can probably open them in the following cases:<\/p>\n<ul>\n<li>The malware's authors make an implementation mistake and leave the encryption breakable. That is what happened with <a href=\"https:\/\/www.kaspersky.com\/blog\/petya-ransomware\/11715\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Petya ransomware<\/a> and <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/cryptxxx-ransomware\/2047\/\" target=\"_blank\" rel=\"noopener noreferrer\">CryptXXX<\/a> ransomware. 
Unfortunately, I cannot give you a list of the mistakes they make; if I did, they would take care not to make them again. But in general, recovering from the encryption is not easy. If you want to know more about encryption and the mistakes people make, I recommend following the Matasano crypto challenges.<\/li>\n<li>The malware authors later feel sorry and share the master key or keys, as happened with <a href=\"https:\/\/www.kaspersky.com\/blog\/raknidecryptor-vs-teslacrypt\/12169\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">TeslaCrypt<\/a>.<\/li>\n<li>Law enforcement seizes a server holding keys and shares them. Last year, the keys that had been used were recovered by the Dutch police, and we were able to build a decryption tool for <a href=\"https:\/\/www.kaspersky.com\/blog\/coinvault-ransomware-removal-instruction\/8363\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">CoinVault<\/a> victims.<\/li>\n<\/ul>\n<p>Sometimes paying the ransom also works, but paying <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/ranscam-ransomware\/2265\/\" target=\"_blank\" rel=\"noopener noreferrer\">does not guarantee<\/a> that your files will be decrypted. 
In addition, if you pay, you support the criminal and make it possible for other people to be harmed by ransomware.<\/p>\n<p><strong>The <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/cryptxxx-decryption-20\/2058\/\" target=\"_blank\" rel=\"noopener noreferrer\">instructions<\/a> for dealing with CryptXXX say that, besides the encrypted files, we also need unencrypted versions of those files. So why would you need the software? If you had the unencrypted file, you would not need the tool\u2026<\/strong><\/p>\n<p>That is a very good question. It means we need to be clearer in the future. The ransomware encrypts all of your files with the same key. So, let's say you have 1,000 encrypted files and you have kept the unencrypted version of just one of them somewhere. For example, the file is a photo you sent to someone by e-mail. In that case the other 999 files can be decrypted. However, you do need the original file. 
<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Alert?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Alert<\/a> We've got a <a href=\"https:\/\/twitter.com\/hashtag\/decryptor?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#decryptor<\/a> for those infected with <a href=\"https:\/\/twitter.com\/hashtag\/CryptXXX?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#CryptXXX<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Ransomware<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a> <a href=\"https:\/\/t.co\/MTtTKQom79\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/MTtTKQom79<\/a> <a href=\"https:\/\/t.co\/N56Wof2BZY\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/N56Wof2BZY<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/724652181580853249?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 25, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>Is encrypting files ransomware's only technique?<\/strong><\/p>\n<p>No, there is also ransomware that locks your computer. However, these types are easier to deal with, which is why they are not that popular these days. 
If you want to learn about other ransomware and how to fight it, <a href=\"https:\/\/www.kaspersky.com\/blog\/kaspersky-windowsunlocker-2\/12275\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">take a look at this blog post of ours<\/a>.<\/p>\n<p><strong>From what I read in the news, ransomware is like a game of cat and mouse. You find a solution, and your opponents try to break it. Is that really the case?<\/strong><\/p>\n<p>Not really. Our <a href=\"https:\/\/www.kaspersky.com\/blog\/tip-of-the-week-cryptoware\/6199\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">System Watcher<\/a> component, which monitors the activity of running processes, detects and stops almost all new ransomware attacks, even when the ransomware is unknown. Admittedly, there are rare samples that System Watcher fails to detect. In those cases we create a new behavioral signature and prevent such attacks from happening again. I repeat, this happens very rarely.<\/p>\n<p><strong>Criminals ask for payment in bitcoins, which are hard to trace. Is it possible to trace the criminals and get to them?<\/strong><\/p>\n<p>Actually, tracking a bitcoin transaction is not hard. Transactions take place on the <a href=\"https:\/\/www.kaspersky.com\/blog\/bitcoin-blockchain-news\/8116\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">blockchain<\/a>. It is in Bitcoin's nature: you can track any transaction. 
What you do not know is who is at the other end of the transaction. Law enforcement can follow the transactions and identify the wallet, but they still have to find out who that wallet belongs to. <\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Part 2 of our <a href=\"https:\/\/twitter.com\/hashtag\/Expert?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Expert<\/a> Q&amp;A with <a href=\"https:\/\/twitter.com\/vkamluk?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@vkamluk<\/a> discusses <a href=\"https:\/\/twitter.com\/hashtag\/DDoS?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#DDoS<\/a> &amp; more <a href=\"https:\/\/t.co\/dwZahpnAr8\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/dwZahpnAr8<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a> <a href=\"http:\/\/t.co\/dbhaB6yFvI\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/dbhaB6yFvI<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/615549466544898048?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">June 29, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Bitcoin mixers make them even harder to trace. You can think of a mixer as a mechanism that passes bitcoins from one user to another many times. For example, I am a victim and I need to make a bitcoin payment to a wallet. I pay into the wallet, and the bitcoin I paid goes into the mixer. It is swapped with someone else's bitcoin. 
In the end, of course, we cannot tell which bitcoin to follow. As you might guess, this happens often.<\/p>\n<p>Some research has been done on this topic (you can find much of it with Google), and it shows that tracing is sometimes possible. In short: it is sometimes possible to trace a transaction, but it is not easy. Even if you find the wallet, the police still have to investigate the identity of the person it belongs to. <\/p>\n<p><strong>How many years did it take to find CoinVault and its creators?<br>\n<\/strong><br>\nThe CoinVault story began when Bart from Panda Security tweeted that he had found additional CoinVault samples. It later turned out that those two were not CoinVault, but they were clearly related. We decided to write a blog post about the evolution of CoinVault. 
When we had finished 90% of the post, we sent it to the International High Tech Crime Unit (NHTCU).<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Decrypting <a href=\"https:\/\/twitter.com\/hashtag\/CoinVault?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#CoinVault<\/a> ransomware <a href=\"https:\/\/t.co\/AmZli3XWT8\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/AmZli3XWT8<\/a><br>Joint operation NHTCU &amp; Kaspersky <a href=\"https:\/\/twitter.com\/jorntvdw?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@jorntvdw<\/a> &amp; <a href=\"https:\/\/twitter.com\/spontiroli?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@spontiroli<\/a> <a href=\"https:\/\/t.co\/7aQ16Sz9d0\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/7aQ16Sz9d0<\/a><\/p>\n<p>\u2014 Dmitry Bestuzhev (@dimitribest) <a href=\"https:\/\/twitter.com\/dimitribest\/status\/587589615852322816?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 13, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>When we finished the post, we found clues that would lead us to two possible suspects. Naturally, we shared this information with the NHTCU. There was at most a month between this discovery and Bart's tweet, but of course we did not spend all of our time writing the blog post; we also took care of non-CoinVault work. 
After we published the post, working on the case took the NHTCU about half a year, and the criminals were finally arrested <a href=\"https:\/\/www.kaspersky.com\/blog\/criminals-behind-the-coinvault-ransomware-are-busted-by-kaspersky-lab-and-dutch-police\/9886\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">in September of last year<\/a>.<\/p>\n<p><strong>How much money do cybercriminals make with ransomware? <\/strong><\/p>\n<p>That is a very good question, but a somewhat hard one to answer. We only get definite results when we are able to track the money: for example, the amount of bitcoin going to a particular wallet, or the payment information found on a command-and-control server when the police seize it. To give you at least an idea, let's say a criminal has attacked 250,000 people (if we are talking about large companies, this is probably an approximate number). And let's say they ask 200 dollars for decryption (the real price is usually around 400 dollars). Even if only 1% of the victims paid, the criminal's income would be 500,000 dollars.<br>\n<strong><br>\nIs there a risk that a computer infected with ransomware will infect other computers on the networks it is connected to, if they run the same operating system? Can a piece of ransomware run on different operating systems?<\/strong><\/p>\n<p>To the first part of your question: if the ransomware has worm capabilities, it can spread over the network. 
For example, <a href=\"https:\/\/www.kaspersky.com\/blog\/zcryptor-ransomware\/12268\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Zcryptor<\/a> and <a href=\"https:\/\/threatpost.com\/new-server-side-ransomware-hitting-hospitals\/117059\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">SamSam<\/a> are two types of ransomware that have this capability.<\/p>\n<p>To the second part of your question: ransomware that targets web servers can run on different operating systems. For example, a vulnerable content management system written in PHP can be targeted by ransomware. A Windows machine that has a web server with PHP installed can be attacked by the ransomware. And it can scan other parts of the computer in order to attack. The next computer may be one that runs Linux but has a PHP web server. To sum up, the answer is: yes, there is multiplatform ransomware.<\/p>\n<p>In the coming weeks we will share with you Jornt's answers to the questions asked about encryption. Stay tuned!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Jornt van der Wiel is a member of GReAT (Global Research and Analysis Team) and our expert on ransomware and decryption. 
He lives in the Netherlands and at Kaspersky Lab<\/p>\n","protected":false},"author":40,"featured_media":2299,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[934,591,744,937,447,936,935,830,933,553],"class_list":{"0":"post-2298","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-coinvault","10":"tag-fidye-yazilimi","11":"tag-guvenlik","12":"tag-locker","13":"tag-ransomware","14":"tag-roportaj","15":"tag-sifreleyiciler","16":"tag-teslacrypt","17":"tag-uzmana-sorun","18":"tag-zararli-yazilim-2"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/ask-expert-yornt-ransomware\/2298\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ask-expert-yornt-ransomware\/7424\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ask-expert-yornt-ransomware\/7457\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/ask-expert-yornt-ransomware\/7408\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ask-expert-yornt-ransomware\/8744\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ask-expert-yornt-ransomware\/8648\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ask-expert-yornt-ransomware\/12545\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ask-expert-yornt-ransomware\/12631\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/ask-expert-yornt-ransomware\/5877\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/ask-expert-yornt-ransomware\/6445\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/ask-expert-yornt-ransomware\/5175\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/ask-expert-yornt-ransomware\/8229\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ask-expert-yo
rnt-ransomware\/12044\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ask-expert-yornt-ransomware\/12545\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ask-expert-yornt-ransomware\/12631\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ask-expert-yornt-ransomware\/12631\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/coinvault\/","name":"CoinVault"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=2298"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2298\/revisions"}],"predecessor-version":[{"id":7165,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2298\/revisions\/7165"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/2299"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=2298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=2298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=2298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}