{"id":3319,"date":"2017-06-27T15:03:21","date_gmt":"2017-06-27T19:03:21","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=3319"},"modified":"2020-05-13T19:39:14","modified_gmt":"2020-05-13T16:39:14","slug":"new-ransomware-epidemics","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/new-ransomware-epidemics\/3319\/","title":{"rendered":"Petya \/ NotPetya \/ ExPetr ransomware attack"},"content":{"rendered":"<p><b>[Last updated June 28, 20:50]<\/b><\/p>\n<p>Last night, a new global ransomware attack began. And it looks set to be as big as <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/wannacry-ransomware\/3181\/\" target=\"_blank\" rel=\"noopener\">WannaCry<\/a>, which you will remember from recent days.<\/p>\n<p>Since then, several large companies from different countries have reported being affected by this ransomware. Judging by the scale of the outbreak, we can say that this incident will grow further.<\/p>\n<p>Some experts think it could be WannaCry (no, it is not) or a variant of <a href=\"https:\/\/www.kaspersky.com\/blog\/petya-ransomware\/11715\/\" target=\"_blank\" rel=\"noopener nofollow\">Petya<\/a> (Petya.A, Petya.D or <a href=\"https:\/\/securelist.ru\/petrwrap-the-new-petya-based-ransomware-used-in-targeted-attacks\/30388\/\" target=\"_blank\" rel=\"noopener\">PetrWrap<\/a>). Kaspersky Lab experts, however, state that this threat differs from the known variants of Petya and therefore belongs to a different malware family. 
For now, we will call it ExPetr (or NotPetya).<\/p>\n<p>The attack appears to involve several complex vectors. At the very least, we can say that a modified version of the EternalBlue exploit is used for spreading within corporate networks. <a href=\"https:\/\/securelist.com\/schroedingers-petya\/78870\/\" target=\"_blank\" rel=\"noopener\">Click here for detailed technical information.<\/a><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3321\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2017\/06\/27145908\/wannamore-ransomware-screenshot.jpg\" alt=\"\" width=\"1280\" height=\"745\"><\/p>\n<p>For now, Kaspersky Lab products detect this new ransomware under the following names:<\/p>\n<ul>\n<li>Trojan-Ransom.Win32.ExPetr.a<\/li>\n<li>HEUR:Trojan-Ransom.Win32.ExPetr.gen<\/li>\n<li>UDS:DangerousObject.Multi.Generic (detected by Kaspersky Security Network)<\/li>\n<li>PDM:Trojan.Win32.Generic (detected by the System Watcher module)<\/li>\n<li>PDM:Exploit.Win32.Generic (detected by the System Watcher module)<\/li>\n<\/ul>\n<h2>For our corporate customers<\/h2>\n<p>1. Make sure that the Kaspersky Security Network and System Watcher components are enabled.<\/p>\n<p>2. <strong>Immediately<\/strong> update your antivirus databases.<\/p>\n<p>3. You can even update manually again and again over the next few hours.<\/p>\n<p>4. For additional protection, you can use <a href=\"https:\/\/help.kaspersky.com\/KESWin\/10SP2\/tr-TR\/39265.htm\" target=\"_blank\" rel=\"noopener nofollow\">Application Privilege Control<\/a>. 
This component is part of Kaspersky Endpoint Security and <a href=\"http:\/\/support.kaspersky.com\/10905#block1\" target=\"_blank\" rel=\"noopener\">blocks all access attempts<\/a>. It therefore blocks <em>perfc.dat<\/em> and PSExec (which is part of the Sysinternals Suite).<\/p>\n<p>5. Alternatively, use the <a href=\"https:\/\/help.kaspersky.com\/KESWin\/10SP2\/tr-TR\/129102.htm\" target=\"_blank\" rel=\"noopener nofollow\">Application Startup Control<\/a> feature of Kaspersky Endpoint Security to block PSExec from running. However, please use Application Privilege Control to block <em>perfc.dat<\/em>.<\/p>\n<p>6. Enable Default Deny in the Application Startup Control component of Kaspersky Endpoint Security to make sure you have proactive protection against this and other attacks.<\/p>\n<p>7. You can also use the AppLocker feature to block the <em>perfc.dat<\/em> file and PSExec from running.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kartb2b\">\n<h2>Recommendations for individual users<\/h2>\n<p>Home users have been less affected by this threat. The people behind the attack are targeting large companies. Still, extra protection never hurts. Here is what you can do.<\/p>\n<p>1. Back up your data. In fact, make it a habit.<\/p>\n<p>2. 
If you use one of our solutions, make sure that the Kaspersky Security Network and System Watcher components are enabled.<\/p>\n<p>3. Update your antivirus databases manually. Really, it does not take long. Do it now.<\/p>\n<p>4. Install all security updates for Windows. One of these updates fixes the vulnerability exploited by EternalBlue. To learn how to do this, <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/wannacry-windows-update\/3218\/\" target=\"_blank\" rel=\"noopener noreferrer\">click here<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kis-trial-ransomware\">\n<h2>Do not pay the ransom<\/h2>\n<p>According to an <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/new8xw\/hacker-behind-massive-ransomware-outbreak-cant-get-emails-from-victims-who-paid\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">update<\/a> from Motherboard, the German email provider Posteo has shut down the email address that victims were supposed to use to contact the criminals after paying the ransom. The address that was shut down was used to confirm that bitcoin had been sent and to send out decryption keys. This means that victims who pay the ransom now will not be able to contact the criminals and will not receive a decryption key. 
At Kaspersky Lab, we do not recommend paying the ransom, and paying now would not help anyway.<\/p>\n<p><strong>Update: <\/strong>In addition, based on our experts' analysis, we can say that victims have little chance of recovering their files.<\/p>\n<p>Kaspersky Lab experts analyzed the high-level code of the encryption routine and found that it is unable to decrypt the disk after encrypting it. Decryption requires the installation ID. In other ransomware similar to this one (Petya\/Mischa\/GoldenEye), the installation ID was required for decryption.<\/p>\n<p>ExPetr (NotPetya), however, has no installation ID. This means that the critical information needed to decrypt the computer it encrypted is not available. In short, victims would not be able to recover their files.<\/p>\n<p>Do not pay the ransom. It will not help.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[Last updated June 28, 20:50]<\/p>\n<p>Last night, a new global ransomware attack began. 
And it looks set to be as big as WannaCry, which you will remember from recent days.<\/p>\n","protected":false},"author":40,"featured_media":3320,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[1255,980,885,591,1257,843,447,543,1256,935,537,241,1227],"class_list":{"0":"post-3319","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-blocker","10":"tag-cryptor","11":"tag-engelleyiciler","12":"tag-fidye-yazilimi","13":"tag-haber","14":"tag-petya","15":"tag-ransomware","16":"tag-saldiri","17":"tag-salgin","18":"tag-sifreleyiciler","19":"tag-tehditler","20":"tag-trojan","21":"tag-wannacry"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/new-ransomware-epidemics\/3319\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/new-ransomware-epidemics\/8698\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/new-ransomware-epidemics\/4712\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/new-ransomware-epidemics\/11710\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/new-ransomware-epidemics\/11249\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/new-ransomware-epidemics\/10732\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/new-ransomware-epidemics\/13581\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/new-ransomware-epidemics\/13641\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/new-ransomware-epidemics\/17855\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/new-ransomware-epidemics\/17314\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/new-ransomware-epidemics\/9226\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\
/blog\/new-ransomware-epidemics\/9204\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/new-ransomware-epidemics\/6963\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/new-ransomware-epidemics\/16631\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/new-ransomware-epidemics\/17314\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/new-ransomware-epidemics\/17314\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/tehditler\/","name":"tehditler"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=3319"}],"version-history":[{"count":19,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3319\/revisions"}],"predecessor-version":[{"id":8301,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3319\/revisions\/8301"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/3320"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=3319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=3319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=3319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}