Polyglot\u2019ta CTB-Locker\u2019\u0131n bir\u00e7ok izini g\u00f6rebilirsiniz. Aray\u00fcz\u00fc anlams\u0131z \u015fekilde eski trojana benziyor. Kurban\u0131n ekran g\u00f6r\u00fcnt\u00fcs\u00fcn\u00fc ayn\u0131 \u015fekilde de\u011fi\u015ftiriyor. T\u0131pk\u0131 CTB-Locker\u2019\u0131n yapt\u0131\u011f\u0131 gibi, kurban\u0131n 5 dosyas\u0131n\u0131n \u015fifresini \u00e7\u00f6zerek bu i\u015fi yapabildi\u011fini g\u00f6steriyor.<\/p>\n
Polyglot\u2019un kurbanlar\u0131 y\u00f6nlendirdi\u011fi bilgilendirme ekranlar\u0131 da CTB-Locker\u2019\u0131n ayn\u0131s\u0131. Yaz\u0131l\u0131 metinler kopyala yap\u0131\u015ft\u0131r yap\u0131lm\u0131\u015f gibi duruyor. Hatta internet ba\u011flant\u0131s\u0131 bulunmad\u0131\u011f\u0131 zaman verdi\u011fi hata ekran\u0131 da ayn\u0131.<\/p>\n
![\"polyglot-comparison-screen\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2016\/10\/06013900\/polyglot-comparison-screen.png\")
<\/p>\n
\u0130ki \u015fifreleyici de ayn\u0131 algoritmay\u0131 kullan\u0131yor \u2013 tabi Polyglot\u2019un algoritmas\u0131 biraz daha g\u00fc\u00e7l\u00fc.<\/p>\n
Polyglot genellikle spam mailler arac\u0131l\u0131\u011f\u0131yla da\u011f\u0131t\u0131l\u0131yor \u2013 \u00f6nemli bir dosya gibi g\u00f6z\u00fcken bir mail olarak geliyor. Ama tabi, anlad\u0131\u011f\u0131n\u0131z \u00fczere ortada \u00f6nemli bir dosya yok \u2013 sadece \u00e7al\u0131\u015ft\u0131r\u0131labilir zararl\u0131 yaz\u0131l\u0131m var. Polyglot bilgisayara y\u00fcklendi\u011finde kontrol ve y\u00f6netim paneline ba\u011fl\u0131yor bula\u015ft\u0131\u011f\u0131 bilgisayar hakk\u0131nda bilgi veriyor. Bizim denememizde 0.7 bitcoins istedi (Bu yakla\u015f\u0131k 320$ ediyor, bu da yakla\u015f\u0131k 971 TL ediyor).<\/p>\n
CTB-Locker ile Polyglot aras\u0131ndaki belki de tek g\u00f6rsel uyu\u015fmazl\u0131k, CTB \u015fifreledi\u011fi dosyalar\u0131n uzant\u0131s\u0131n\u0131 genellikle .ctbl ya da .ctb2 yaparken MarsJoke\/Polyglot uzant\u0131lar\u0131n\u0131 oldu\u011fu gibi b\u0131rak\u0131yor.<\/p>\n
Polyglot ve CTB-Locker aras\u0131ndaki bu kadar benzerli\u011fe ra\u011fmen, her ikisi de tamamen farkl\u0131 fidye yaz\u0131l\u0131m\u0131 \u00e7e\u015fitleri. Neredeyse hi\u00e7 ipucu b\u0131rakm\u0131yorlar. Uzmanlar\u0131m\u0131z CTB-Locker\u2019\u0131n g\u00f6r\u00fcn\u00fc\u015f\u00fc taklit etmesinden dolay\u0131, Polyglot\u2019un yap\u0131mc\u0131lar\u0131n\u0131n ara\u015ft\u0131rmac\u0131lar\u0131 \u2018ayn\u0131 ki\u015filerin\u2019 yapt\u0131\u011f\u0131n\u0131 d\u00fc\u015f\u00fcnd\u00fcrmeye \u00e7al\u0131\u015ft\u0131klar\u0131n\u0131 d\u00fc\u015f\u00fcn\u00fcyor.<\/p>\n
![\"polyglot-comparison-screen2\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2016\/10\/06013859\/polyglot-comparison-screen2.png\")
<\/p>\n
Bildi\u011finiz gibi, CTB-Locker\u2019\u0131n \u015fifreledi\u011fi dosyalar\u0131 fidye \u00f6deme harici bilinen bir \u00e7\u00f6z\u00fcm y\u00f6ntemi yok. Bu y\u00fczden Polyglot ve CTB-Locker ayn\u0131 \u015fekilde de\u011ferlendirilemez. Polyglot\u2019un yaz\u0131l\u0131mc\u0131lar\u0131, anahtar olu\u015fturucu (key generator) b\u00f6l\u00fcm\u00fcn\u00fcn yaz\u0131l\u0131m\u0131nda hata yapm\u0131\u015flar, bu hata da Kaspersky Lab ara\u015ft\u0131rmac\u0131lar\u0131n\u0131n \u00e7\u00f6z\u00fcm olu\u015fturmas\u0131na sebep oldu \u2013 \u015fifrelenmi\u015f dosyalar\u0131n\u0131z\u0131n hepsini \u00e7\u00f6zebilece\u011finiz \u00fccretsiz bir ara\u00e7.<\/p>\n
Polyglot\/MarsJoke taraf\u0131ndan \u015fifrelenmi\u015f dosyalar\u0131n\u0131z\u0131 a\u00e7mak i\u00e7in, \u00fccretsiz RannohDecryptor arac\u0131n\u0131n\u0131 (version 1.9.3.0 ya da daha yeni) noransom.kaspersky.com<\/a> adresinden indirin, dosyalar\u0131n\u0131z\u0131 kurtar\u0131n.<\/p>\n D\u00fcr\u00fcst olmak gerekirse, Polyglot\/MarsJoke konusunda biraz \u015fansl\u0131yd\u0131k. Fidye yaz\u0131l\u0131m\u0131 yarat\u0131c\u0131lar\u0131 s\u00fcrekli olarak yaz\u0131l\u0131mlar\u0131n\u0131 geli\u015ftirir ve g\u00fcnceller. \u00d6rne\u011fin; Biz CryptXXX<\/a>\u2018i 3 defa \u00e7\u00f6zd\u00fckten sonra, program yaz\u0131l\u0131mc\u0131lar\u0131 algoritmay\u0131 \u00f6yle de\u011fi\u015ftirdiler ki, olu\u015fturdu\u011fumuz ara\u00e7lar \u015fifrelerini \u00e7\u00f6zemedi. Belki Polyglot\u2019un yarat\u0131c\u0131lar\u0131 da ayn\u0131 \u015feyi yaparlar. Yani bu olay da \u015fu anlama geliyor: bunlar\u0131 \u00e7\u00f6zen \u00fccretsiz ara\u00e7lar\u0131m\u0131z\u0131n olmas\u0131 sizi g\u00fcvende tutmaz, her an geli\u015febilirler.<\/p>\n