{"id":5803,"date":"2019-03-25T14:20:41","date_gmt":"2019-03-25T11:20:41","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=5803"},"modified":"2019-11-15T14:31:31","modified_gmt":"2019-11-15T11:31:31","slug":"hydro-attacked-by-ransomware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/hydro-attacked-by-ransomware\/5803\/","title":{"rendered":"Aluminum giant Hydro hit by ransomware attack"},"content":{"rendered":"<p>Over the past few years, we have covered many security incidents in which ransomware targeted <a href=\"https:\/\/www.kaspersky.com\/blog\/locky-ransomware\/11667\/\" target=\"_blank\" rel=\"noopener nofollow\">hospitals<\/a>, <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/mamba-hddcryptor-ransomware\/2691\/\" target=\"_blank\" rel=\"noopener\">public transit<\/a> and even <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/north-carolina-ransomware\/4540\/\" target=\"_blank\" rel=\"noopener\">government computers across an entire country<\/a>. 
Then came the era of wipers, with the <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/wannacry-for-b2b\/3191\/\" target=\"_blank\" rel=\"noopener\">WannaCry<\/a>, <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/new-ransomware-epidemics\/3319\/\" target=\"_blank\" rel=\"noopener\">ExPetr<\/a> and <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/bad-rabbit-ransomware\/4326\/\" target=\"_blank\" rel=\"noopener\">Bad Rabbit<\/a> attacks, which spread worldwide and disrupted the operations of countless businesses.<\/p>\n<p>Fortunately, we have not seen another incident of that scale in the past twelve months, but that was not because the attackers had given up. On March 19, the Norwegian aluminum production giant Hydro announced that it had been hit by a ransomware attack affecting the entire company.<\/p>\n<h2>The Hydro attack: What happened?<\/h2>\n<p>According to statements by a Hydro spokesperson at a press conference, Hydro\u2019s security team first noticed unusual activity on the company\u2019s servers at midnight. They realized that malware was spreading and tried to contain the attack. However, they were only partially successful; by the time they managed to isolate the plants, the malware had already infected their global network. 
Hydro has not said how many computers were affected, but given that the company employs 35,000 people, we can assume the number is quite large.<\/p>\n<p>Hydro\u2019s team worked 24\/7 to mitigate the effects of the attack and achieved at least partial success. The power plants were not affected because they were isolated from the main network, which is a best practice for critical infrastructure. However, the smelting plants, which have become more automated in recent years than ever before, were not isolated. As a result, some smelting plants in Norway were affected. The security team managed to run some of them in a slower, semi-manual mode. Still, <a href=\"https:\/\/www.facebook.com\/pg\/norskhydroasa\/posts\/?ref=page_internal\" target=\"_blank\" rel=\"noopener nofollow\">according to Hydro<\/a>, \u201cthe inability to connect to production systems caused production problems and temporary stoppages at some plants\u201d.<\/p>\n<p>Despite its very large scale, the attack did not completely halt Hydro\u2019s operations. Although machines running Windows were encrypted and rendered inoperable, phones and tablets not based on Windows kept working. That allowed employees to continue communicating and meeting business needs. 
Expensive critical infrastructure elements, such as the baths used in aluminum production, each worth 10 million EUR, appear to have been unaffected by the attack. The security incident also caused no safety issues; no one was injured as a result of the attack. In addition, Hydro hopes that everything affected by the attack can be restored from backups.<\/p>\n<h3>Analysis: Rights and wrongs<\/h3>\n<p>Hydro probably has a lot of work to do before its operations are fully restored; the investigation alone will require considerable time and effort from both Hydro and the Norwegian authorities. So far, there is no consensus on which ransomware was used in the attack or who launched it.<\/p>\n<p>The authorities say they have developed several hypotheses. One of them is that Hydro was attacked with the LockerGoga ransomware. Bleeping Computer <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-lockergoga-ransomware-allegedly-used-in-altran-attack\/\" target=\"_blank\" rel=\"noopener nofollow\">describes<\/a> this malware as \u201cslow\u201d (our analysts agree with that description) and \u201csloppy\u201d, and also notes that it \u201cmakes no effort to evade detection\u201d. 
In the ransom note, instead of demanding a specific amount of money to decrypt the computers, the attackers provided an address that victims could use to contact them.<\/p>\n<p>Although the analysis of the incident is not yet complete, at this stage we can already examine what Hydro did right and wrong both before and during the incident.<\/p>\n<p><strong>Rights:<\/strong><\/p>\n<ol>\n<li>The power plants were not affected by the attack because they were isolated from the main network.<\/li>\n<li>The security team managed to isolate the smelting plants relatively quickly, allowing them to keep operating (many are currently running in semi-manual mode).<\/li>\n<li>Since employees were able to communicate normally even after the incident, the communication server was probably adequately protected and was not affected by the attack.<\/li>\n<li>Hydro has backups that should allow the encrypted data to be restored and operations to continue.<\/li>\n<li>Hydro has cyber insurance that will cover part of the costs arising from the incident.<\/li>\n<\/ol>\n<p><strong>Wrongs:<\/strong><\/p>\n<ol>\n<li>Most likely, the network was not properly segmented. 
With proper network segmentation, it would have been much easier to stop the ransomware from spreading and to contain the attack.<\/li>\n<li>The security solution used by Hydro was not strong enough to catch the ransomware (although LockerGoga is relatively new, it is well known; for example, <a href=\"http:\/\/kas.pr\/karttr\" target=\"_blank\" rel=\"noopener\">Kaspersky Security<\/a> detects it as Trojan-Ransom.Win32.Crypgen.afbf).<\/li>\n<li>The security solution could have been supplemented with anti-ransomware software. For example, our free <a href=\"http:\/\/kas.pr\/karttr\" target=\"_blank\" rel=\"noopener\">Kaspersky Anti-Ransomware Tool<\/a>, which can be installed alongside other security solutions and protects the system against all kinds of ransomware, miners and other malware, is ideal for this.<\/li>\n<\/ol>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kartb2b\">\n","protected":false},"excerpt":{"rendered":"<p>Norwegian industrial giant Hydro hit by a ransomware attack &#8211; security incident 
analysis<\/p>\n","protected":false},"author":675,"featured_media":5804,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1194,1727],"tags":[591,1053,1468,935],"class_list":{"0":"post-5803","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-fidye-yazilimi","10":"tag-kilitleyiciler","11":"tag-kritik-altyapilar","12":"tag-sifreleyiciler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/hydro-attacked-by-ransomware\/5803\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/hydro-attacked-by-ransomware\/15429\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/hydro-attacked-by-ransomware\/12994\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/hydro-attacked-by-ransomware\/17373\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/hydro-attacked-by-ransomware\/15522\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/hydro-attacked-by-ransomware\/14211\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/hydro-attacked-by-ransomware\/18059\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/hydro-attacked-by-ransomware\/17052\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/hydro-attacked-by-ransomware\/22421\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hydro-attacked-by-ransomware\/26028\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/hydro-attacked-by-ransomware\/11536\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/hydro-attacked-by-ransomware\/11603\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/hydro-attacked-by-ransomware\/10489\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/hydro-attacked-by-ransomware\/18804\/"},{"hreflang":"ja","url":"https:\/\/
blog.kaspersky.co.jp\/hydro-attacked-by-ransomware\/22817\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/hydro-attacked-by-ransomware\/23880\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/hydro-attacked-by-ransomware\/18119\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hydro-attacked-by-ransomware\/22304\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hydro-attacked-by-ransomware\/22236\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/fidye-yazilimi\/","name":"Fidye Yaz\u0131l\u0131m\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5803","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/675"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5803"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5803\/revisions"}],"predecessor-version":[{"id":6819,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5803\/revisions\/6819"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/5804"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5803"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5803"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5803"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}