{"id":3342,"date":"2017-06-30T02:48:35","date_gmt":"2017-06-30T06:48:35","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=3342"},"modified":"2019-11-15T14:50:15","modified_gmt":"2019-11-15T11:50:15","slug":"expetr-for-b2b","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/expetr-for-b2b\/3342\/","title":{"rendered":"ExPetr targets serious businesses"},"content":{"rendered":"<p>We are currently witnessing <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/new-ransomware-epidemics\/3319\/\" target=\"_blank\" rel=\"noopener\">a new crypto-malware spreading like an epidemic<\/a>. Our experts have named it ExPetr. In many places it is referred to as Petya, PetrWrap and other names. The key difference with this ransomware is that this time the criminals chose their victims carefully. Most of the victims are not individual users but large businesses.<\/p>\n<p>Worse, this time the criminals\u2019 targets also include many critical infrastructure facilities. For example, many flights from Kiev\u2019s Boryspil Airport were <a href=\"https:\/\/threatpost.com\/complex-petya-like-ransomware-outbreak-worse-than-wannacry\/126561\/\" target=\"_blank\" rel=\"noopener nofollow\">reported<\/a> to have been delayed because of this malware. 
Even worse, the radiation monitoring system of the Chernobyl Nuclear Power Plant is also temporarily <a href=\"http:\/\/edition.cnn.com\/2017\/06\/27\/europe\/chernobyl-cyber-attack\/index.html?iid=EL\" target=\"_blank\" rel=\"noopener nofollow\">out of service<\/a> for the same reason.<\/p>\n<p>Why are critical infrastructure systems being hit by encrypting malware? Because they are either directly connected to the corporate network or directly connected to the internet.<\/p>\n<h2>What to do<\/h2>\n<p>As with <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/wannacry-for-b2b\/3191\/\" target=\"_blank\" rel=\"noopener\">WannaCry<\/a>, there are two distinct problems: the malware\u2019s initial infection of a company, and then its spread within the network. It is better to address these two problems separately.<\/p>\n<h2>Initial infection of the company<\/h2>\n<p>Our experts point to several ways the malware can get into a company. In some cases it infects users through malicious websites: users who visit the site install the malware on their computers, seeing it as a system update or in some other disguise. In other cases the malware can also be installed through third-party software updates; the Ukrainian accounting software M.E.Doc is a prime example. 
In other words, there is far more than a single point from which attacks can come.<\/p>\n<p>To protect your systems from the malware, we have some recommendations:<\/p>\n<ul>\n<li>Warn your employees not to open suspicious emails, download suspicious attachments or click suspicious links. It may sound funny, but there are still people who do this.<\/li>\n<li>Make sure all internet-connected systems are protected by an up-to-date security solution with behavioral analysis<\/li>\n<li>Make sure the important components of your security solution are enabled. If you use Kaspersky Lab products, make sure the cloud-based threat intelligence network Kaspersky Security Network and the System Watcher module, a heuristic analysis engine, are turned on<\/li>\n<li>Update your security solution regularly<\/li>\n<li>Manage your security solution from a single console, and do not let employees change its settings<\/li>\n<\/ul>\n<p>As additional protection (especially if you do not use Kaspersky Lab products), you can use Kaspersky Anti-Ransomware Tool, our free anti-ransomware tool. 
The tool also works smoothly alongside other security solutions.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kartb2b\">\n<h2>Propagation within the network<\/h2>\n<p>Once ExPetr gets into a system, it is far more successful than WannaCry at spreading within the local network, because its creators developed its capabilities accordingly. First, it uses at least two exploits: a modified EternalBlue (which was also used in WannaCry) and EternalRomance (a TCP port 445 exploit). Second, when it compromises an account with administrator rights, it distributes itself using Windows Management Instrumentation technology or the PsExec remote control tool.<\/p>\n<p>To prevent the malware from spreading through your systems (especially in critical infrastructure), you should do the following:<\/p>\n<ul>\n<li>Isolate systems that require an active internet connection in a separate network segment<\/li>\n<li>Divide the rest of the network into subnets or virtual subnets with restricted connections, and connect only those systems that require it for technological processes<\/li>\n<li><a href=\"https:\/\/ics-cert.kaspersky.com\/reports\/2017\/06\/22\/wannacry-on-industrial-networks\/\" target=\"_blank\" rel=\"noopener\">Review<\/a> the recommendations that Kaspersky Lab ICS CERT experts issued after WannaCry (especially for industrial companies)<\/li>\n<li>Install critical Windows security updates promptly. 
In particular, the <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/wannacry-windows-update\/3218\/\" target=\"_blank\" rel=\"noopener\">MS17-010 update<\/a> closes the EternalBlue and EternalRomance vulnerabilities<\/li>\n<li>Isolate backup servers from the rest of the network and, as far as possible, block employee access to them via connections to remote drives on the backup servers<\/li>\n<li>Prohibit execution of the file <em>perfc.dat<\/em> using the Application Control component of Kaspersky Endpoint Security for Business or Windows AppLocker<\/li>\n<li>For infrastructures that use multiple embedded systems, use specialized security solutions such as Kaspersky Embedded Security Systems<\/li>\n<li>Where possible, use Default Deny mode as an additional protective measure. You can do this with the Application Control component of Kaspersky Endpoint Security for Business<\/li>\n<\/ul>\n<p>As always, we recommend using automatic software updates (including operating system updates) and a security solution with ransomware protection that monitors all components of your operating system.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-b2b\">\n<h2>To pay or not to pay<\/h2>\n<p>Finally, although we always say \u201cdo not pay the ransom,\u201d we fully understand that some companies feel they have no other choice. 
However, if your files have been encrypted by ExPetr, you should not pay the ransom under any circumstances.<\/p>\n<p>Our experts have discovered that this ransomware does not save the installation ID. Without this ID, the key needed for decryption cannot be generated. In short, even if victims pay the ransom, they will not receive a decryption key.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We are currently witnessing a new crypto-malware spreading like an epidemic. Our experts have named it ExPetr. In many places it is referred to as Petya, PetrWrap and other names. The key difference with this ransomware is that this time the criminals chose their victims carefully. Most of the victims are not individual users but large businesses.<\/p>\n","protected":false},
"author":700,"featured_media":3343,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1194,1727],"tags":[1260,1262,591,1261,1263,843,447,1256,537,241,1227],"class_list":{"0":"post-3342","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-cryptomalware","10":"tag-expetr","11":"tag-fidye-yazilimi","12":"tag-kripto-zararli-yazilim","13":"tag-notpetya","14":"tag-petya","15":"tag-ransomware","16":"tag-salgin","17":"tag-tehditler","18":"tag-trojan","19":"tag-wannacry"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/expetr-for-b2b\/3342\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/expetr-for-b2b\/8718\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/expetr-for-b2b\/4736\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/expetr-for-b2b\/11726\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/expetr-for-b2b\/10752\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/expetr-for-b2b\/13617\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/expetr-for-b2b\/13654\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/expetr-for-b2b\/17896\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/expetr-for-b2b\/17343\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/expetr-for-b2b\/9223\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/expetr-for-b2b\/6994\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/expetr-for-b2b\/13798\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/expetr-for-b2b\/17329\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/expetr-for-b2b\/17538\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com
.tr\/blog\/tag\/tehditler\/","name":"tehditler"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3342","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=3342"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3342\/revisions"}],"predecessor-version":[{"id":7048,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3342\/revisions\/7048"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/3343"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=3342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=3342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=3342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}