{"id":2400,"date":"2016-09-06T07:56:51","date_gmt":"2016-09-06T11:56:51","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=2400"},"modified":"2019-11-15T14:57:43","modified_gmt":"2019-11-15T11:57:43","slug":"fantom-ransomware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/fantom-ransomware\/2400\/","title":{"rendered":"Fantom ransomware that looks like a Windows update"},"content":{"rendered":"<p>We often recommend that you update your operating system and software regularly: vulnerabilities that are not patched in time get exploited by malware. An odd piece of ransomware called <a href=\"http:\/\/www.bleepingcomputer.com\/news\/security\/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Fantom<\/a> abuses updates. <\/p>\n<p>Technically, Fantom is nearly identical to many other ransomware programs. It is based on the code of EDA2, an open-source ransomware project developed by Utku \u015een that turned out to be <a href=\"https:\/\/www.kaspersky.com\/blog\/ded-cryptor-ransomware\/12526\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">a failed experiment<\/a>. In fact, Fantom is one of many EDA2-based cryptors, but the way it conceals its activity sets it apart. 
<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How an open-source educational project on <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a> turned into <a href=\"https:\/\/twitter.com\/hashtag\/DedCryptor?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#DedCryptor<\/a> <a href=\"https:\/\/t.co\/O2aW1Xnuzg\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/O2aW1Xnuzg<\/a> <a href=\"https:\/\/t.co\/WkwJvOtTXZ\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/WkwJvOtTXZ<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/751424392266129408?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 8, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>We do not yet have any information about Fantom\u2019s methods and distribution channels. But once it infects a computer, it starts the usual ransomware routine: it generates an encryption key, encrypts it, and stores it on a command-and-control server for later use. <\/p>\n<p>The Trojan then scans the computer, finding and encrypting files in more than 350 popular formats, including audio, image, video, and office formats. It uses the aforementioned key and appends .fantom to the file names. The strangest and most interesting part is that it does all of this right before the user\u2019s eyes. 
<\/p>\n<p>Before we get to that part, it is worth noting that this ransomware presents itself as a critical Windows update. When it is launched, it runs not one program but two: the cryptor itself and a small, innocent program that looks like Windows Update. <\/p>\n<p>The second one looks and behaves like the Windows update screen (the blue screen indicating that Windows is being updated). While Fantom encrypts the user\u2019s data in the background, the \u201cupdate\u201d progresses on screen (this progress actually reflects the state of the encryption). <\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2016\/09\/06013937\/windows-update-screen.png\" alt=\"windows-update-screen\" width=\"1191\" height=\"674\" class=\"alignnone size-full wp-image-2402\"><\/p>\n<p>This trick is used to distract the user and keep them from becoming suspicious while encryption is under way. Because the fake installation screen covers the entire display, it also visually blocks access to other programs. <\/p>\n<p>If the user does become suspicious, they can minimize the fake Windows screen by pressing CTRL and F4, but that does not stop Fantom from encrypting. 
<\/p>\n<p>Once encryption is finished, Fantom removes the traces it left behind (it deletes its executable files), writes a ransom note in HTML, copies the note to every folder, and replaces the desktop wallpaper with a ransom notification. The attacker gives the victim an e-mail address so that they can get in touch and discuss payment options. <\/p>\n<p>Leaving an e-mail address for contact is typical of Russian-speaking hackers, by the way; other signs that lead us to believe the attacker is Russian are the Yandex.ru e-mail address and very poor English. According to BleepingComputer, \u201cJudging by the grammar and wording, this is the worst ransom note we have seen so far.\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2016\/09\/06013935\/ransom-note-screen.png\" alt=\"ransom-note-screen\" width=\"1015\" height=\"495\" class=\"alignnone size-full wp-image-2403\"><\/p>\n<p>The bad news is that there is currently no way to decrypt the encrypted files, and, as always, we <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/why-you-dont-pay-ransomware\/2156\/\" target=\"_blank\" rel=\"noopener noreferrer\">do not recommend<\/a> paying the ransom. So the best approach is not to become a victim in the first place. Here are a few tips:<\/p>\n<p>Back up your data regularly to an external drive. Having backups on an external drive means you can recover your files even if this malware infects your computer. 
<a href=\"https:\/\/kas.pr\/kdktstr\" target=\"_blank\" rel=\"noopener noreferrer\">Kaspersky Total Security<\/a> does this automatically. <\/p>\n<p>Be careful: do not open e-mail attachments you find suspicious, stay away from unknown websites, and do not click on suspicious online ads. Fantom, like any ransomware, may try anything to get into your system. <\/p>\n<p>Use a robust security solution: for example, <a href=\"http:\/\/kas.pr\/kdkistr\" target=\"_blank\" rel=\"noopener noreferrer\">Kaspersky Internet Security<\/a> already detects the Fantom ransomware as Trojan-Ransom.MSIL.Tear.wbf or PDM:Trojan.Win32.Generic. And even if a yet-unknown piece of ransomware gets past the antivirus engine, the System Watcher feature will detect the suspicious activity and block it. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>We often recommend that you update your operating system and software regularly: vulnerabilities that are not patched in time get exploited by malware. An odd piece of ransomware called Fantom abuses updates. 
Technically,<\/p>\n","protected":false},"author":2194,"featured_media":2401,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[991,992,591,447,921,537,889,113],"class_list":{"0":"post-2400","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-eda2","10":"tag-fantom","11":"tag-fidye-yazilimi","12":"tag-ransomware","13":"tag-sifreleyici","14":"tag-tehditler","15":"tag-trojanlar","16":"tag-windows"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/fantom-ransomware\/2400\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/fantom-ransomware\/7599\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/fantom-ransomware\/7622\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/fantom-ransomware\/7615\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/fantom-ransomware\/9024\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/fantom-ransomware\/8886\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/fantom-ransomware\/12939\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/fantom-ransomware\/12891\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/fantom-ransomware\/6045\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/fantom-ransomware\/6524\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/fantom-ransomware\/5335\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/fantom-ransomware\/8578\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/fantom-ransomware\/12483\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/fantom-ransomware\/12939\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/fantom-ransomware\/12891\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/fantom-ransomware\/12891\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/eda2\/","name":"EDA2"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2194"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=2400"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2400\/revisions"}],"predecessor-version":[{"id":7147,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2400\/revisions\/7147"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/2401"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=2400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=2400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=2400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}