{"id":6367,"date":"2019-08-29T12:59:42","date_gmt":"2019-08-29T09:59:42","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=6367"},"modified":"2019-11-15T14:25:01","modified_gmt":"2019-11-15T11:25:01","slug":"ransomware-in-fortnite-cheats","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/ransomware-in-fortnite-cheats\/6367\/","title":{"rendered":"Syrk fidye yaz\u0131l\u0131m\u0131, Fortnite hile paketinde pusuda bekliyor"},"content":{"rendered":"<p>Siber su\u00e7lular, pop\u00fcler oyunlar dahil olmak \u00fczere insanlar\u0131n ilgi ve be\u011fenilerini kullanarak her \u015feyden para kazanmaya \u00e7al\u0131\u015fmaktad\u0131r. K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar, \u00e7o\u011fu zaman, \u00f6zellikle <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/apex-legends-mobile-fakes\/5736\/\" target=\"_blank\" rel=\"noopener\">hen\u00fcz resmi olarak piyasaya s\u00fcr\u00fclmemi\u015f bir oyunun<\/a> <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/how-pirates-hook-gamers\/5710\/\" target=\"_blank\" rel=\"noopener\">korsan kopyas\u0131<\/a> veya <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/fortnite-security\/5222\/\" target=\"_blank\" rel=\"noopener\">mobil s\u00fcr\u00fcm\u00fc<\/a> gibi g\u00f6r\u00fcnmektedir.<\/p>\n<p>Yak\u0131n bir zamanda da Syrk adl\u0131 \u015fifreleyici bir fidye yaz\u0131l\u0131m ortaya \u00e7\u0131kt\u0131. Kendine iki y\u0131l i\u00e7inde 250 milyon gibi g\u00fc\u00e7l\u00fc bir oyuncu kitlesi olu\u015fturan Fortnite oyunu i\u00e7in bir hile paketi s\u00fcs\u00fc veren Syrk, oyunculara bir <a href=\"https:\/\/threatpost.com\/fortnite-ransomware-masquerades-as-an-aimbot-game-hack\/147549\/\" target=\"_blank\" rel=\"noopener nofollow\">paket i\u00e7inde iki hile<\/a> vaat ediyor: aimbot (otomatik ni\u015fan alma arac\u0131) ve WH (ESP olarak da bilinen bu hile, oyunda di\u011fer oyuncular\u0131n yerlerini bulmaya yarar). Ancak bu paketin ger\u00e7ekte yapt\u0131\u011f\u0131, ma\u011fdurun dosyalar\u0131n\u0131 \u015fifrelemek ve fidye istemektir.<\/p>\n<h2>Fidye yaz\u0131l\u0131m\u0131 Syrk nas\u0131l \u00e7al\u0131\u015f\u0131yor<\/h2>\n<p>Cyren \u015firketinden ara\u015ft\u0131rmac\u0131lara g\u00f6re Syrk, temel olarak a\u00e7\u0131k kaynakl\u0131 bir fidye yaz\u0131l\u0131m\u0131n\u0131n tam kopyas\u0131. Bir kere \u00e7al\u0131\u015ft\u0131r\u0131ld\u0131\u011f\u0131nda yaz\u0131l\u0131m, komuta kontrol sunucusuna ba\u011flan\u0131r ve a\u015fa\u011f\u0131da belirtilen programlar\u0131 devre d\u0131\u015f\u0131 b\u0131rak\u0131r:<\/p>\n<ul>\n<li>Windows Defender,<\/li>\n<li>UAC (y\u00f6netici i\u015flemleri i\u00e7in kullan\u0131c\u0131 izni isteyen sistem),<\/li>\n<li>Task Manager, Process Monitor ve Process Hacker gibi istilay\u0131 tespit etmek i\u00e7in kullan\u0131labilecek i\u015flem izleme uygulamalar\u0131.<\/li>\n<\/ul>\n<p>\u015eifreleyici, kullan\u0131c\u0131n\u0131n sadece bilgisayar\u0131 yeniden ba\u015flatarak kurtulamamas\u0131 i\u00e7in kendisini otomatik y\u00fckleme listesine de ekler. Bilgisayara ba\u011fl\u0131 USB bellek varsa Syrk, ona da bula\u015fmaya \u00e7al\u0131\u015f\u0131r.<\/p>\n<p>Bunun \u00fczerine k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, ortam dosyalar\u0131n\u0131, metin belgelerini, elektronik \u00e7izelgeleri ve sunumlar\u0131, ZIP ve RAR ar\u015fivlerini, Photoshop ve Microsoft Visual Studio dosyalar\u0131n\u0131 bulup \u015fifrelemeye koyulur. Sonu\u00e7 olarak bunlara .SYRK uzant\u0131s\u0131 verir.<\/p>\n<p>Monit\u00f6rde kapat\u0131lamaz bir fidye talebi g\u00f6sterilir.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Syrk Ransomware seems inspired by a Fortnite Hacktool, terminates task manager, process hacker, really good at being persistent and annoying. Does encrypt but might still be in development. 30\/67 in VT<a href=\"https:\/\/t.co\/x7Y6Tz4NB1\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/x7Y6Tz4NB1<\/a> <a href=\"https:\/\/t.co\/6e9wI8XTQR\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/6e9wI8XTQR<\/a><\/p>\n<p>\u2014 Leo (@leotpsc) <a href=\"https:\/\/twitter.com\/leotpsc\/status\/1156875558174769152?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 1, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Arka planda Guy Fawkes maskesi olan metinde, dosyalar\u0131 kurtarman\u0131n tek yolunun su\u00e7lularla e-posta yoluyla ileti\u015fime ge\u00e7ip kendilerine \u00f6deme yapmak oldu\u011fu belirtilir. Ma\u011fdura da bunun i\u00e7in s\u0131n\u0131rl\u0131 bir s\u00fcre verilir: Syrk, \u015fifreledi\u011fi dosyalar\u0131 iki saatte bir siler; \u00f6nce foto\u011fraflar klas\u00f6r\u00fcnden ba\u015flar, ard\u0131ndan masa\u00fcst\u00fcne ge\u00e7er ve son olarak kullan\u0131c\u0131n\u0131n belgelerini siler.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kis-trial-ransomware\">\n<h3>Dosyalar\u0131n\u0131z\u0131 \u00fccretsiz kurtar\u0131n<\/h3>\n<p>Haberler iyi: Syrk bilgisayar\u0131n\u0131za girmi\u015f ve belgelerinizi \u015fifrelemi\u015f olsa dahi fidye \u00f6demek zorunda de\u011filsiniz. Bula\u015ft\u0131\u011f\u0131 bilgisayarda bulunan dosyalar\u0131n \u015fifresini \u00e7\u00f6zmek i\u00e7in gereken anahtar, g\u00fcncel s\u00fcr\u00fcm\u00fcnde fiili olarak saklanmaktad\u0131r. S\u00f6z konusu anahtar, C:UsersDefaultAppDataLocalMicrosoft klas\u00f6r\u00fcnde, -pw+.txt veya +dp-.txt ad\u0131nda bir dosyadad\u0131r.<\/p>\n<p>Dosyalar\u0131n\u0131z\u0131 kurtarmak i\u00e7in:<\/p>\n<ul>\n<li>Anahtar\u0131 kopyalay\u0131n.<\/li>\n<li>Fidye talep penceresinde <em>Show My ID<\/em> se\u00e7ene\u011fine bas\u0131n, bilgisayar kimli\u011finizi g\u00f6steren ve <em>Enter the key to Decrypt your Files<\/em> (Dosyalar\u0131n\u0131z\u0131n \u015eifresini \u00c7\u00f6zmek i\u00e7in Anahtar\u0131 Girin) davetinin yer ald\u0131\u011f\u0131 bir sayfa a\u00e7\u0131l\u0131r.<\/li>\n<li>Anahtar\u0131 ilgili alana yap\u0131\u015ft\u0131r\u0131n ve <em>Decrypt my Files<\/em> (Dosyalar\u0131m\u0131n \u015eifresini \u00c7\u00f6z) se\u00e7ene\u011fine bas\u0131n.<\/li>\n<\/ul>\n<p>Program, \u015fifrelenmi\u015f foto\u011fraflar\u0131 ve belgeleri kurtar\u0131r, ard\u0131ndan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mdan kalanlar\u0131 temizleyecek iki adet .exe dosyas\u0131 olu\u015fturur ve \u00e7al\u0131\u015ft\u0131r\u0131r.<\/p>\n<p>Her ne kadar daha zor olsa da dosyalar\u0131n\u0131z\u0131 kurtarman\u0131n bir yolu daha vard\u0131r. Do\u011frusu bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mda, \u00e7\u0131kar\u0131p \u00e7al\u0131\u015ft\u0131rabilirseniz belgeleri kurtaran bir \u015fifre \u00e7\u00f6zme bile\u015feni vard\u0131r. Ayr\u0131ca bu se\u00e7enekte vir\u00fcs\u00fcn manuel olarak silinmesi gerekir.<\/p>\n<h3>Fidye yaz\u0131l\u0131mlar\u0131ndan korunun<\/h3>\n<p>Ara\u015ft\u0131rmac\u0131lara g\u00f6re, her ne kadar profesyonel yard\u0131m gerekebilse de, Syrk taraf\u0131ndan silinen verilerin kurtar\u0131lmas\u0131 m\u00fcmk\u00fcnd\u00fcr. Yerel saklanan anahtar\u0131 kullanarak dosyalar\u0131 kurtarmak \u015fu an i\u00e7in i\u015fe yar\u0131yor ancak k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131 geli\u015ftirenler, ileride ara\u00e7lar\u0131n\u0131 kullan\u0131c\u0131lar\u0131n fidye \u00f6demeden dosyalar\u0131n\u0131n \u015fifresini \u00e7\u00f6zme olana\u011f\u0131n\u0131 ortadan kald\u0131racak \u015fekilde de\u011fi\u015ftirebilir. Her zaman oldu\u011fu gibi en iyi taktik, fidye yaz\u0131l\u0131mlar\u0131n\u0131n size zarar vermesini ba\u015ftan \u00f6nlemektir.<\/p>\n<ul>\n<li>Bilgisayar oyunlar\u0131nda harika avantajlar sa\u011fl\u0131yor olsalar bile g\u00fcvenilmeyen kaynaklardan kesinlikle program indirmeyin. Hatta, oyunlarda harika avantajlar sa\u011flad\u0131klar\u0131n\u0131 s\u00f6yl\u00fcyorlarsa <em>\u00f6zellikle<\/em> ka\u00e7\u0131n\u0131n.<\/li>\n<li>Dosyalar\u0131n\u0131z\u0131 yedekleyin ve bilgisayar\u0131n\u0131zdan do\u011frudan eri\u015filemeyecek \u015fekilde saklay\u0131n. Harici HDD veya flash disk kullanacaks\u0131n\u0131z, bunlar\u0131 sadece yedekleme i\u015flemi tamamlanana kadar tak\u0131l\u0131 tutun.<\/li>\n<li>G\u00fcvenilir bir koruma \u00e7\u00f6z\u00fcm\u00fc y\u00fckleyin. Syrk,<\/li>\n<li><a href=\"http:\/\/kas.pr\/kdkistr\" target=\"_blank\" rel=\"noopener\">Kaspersky Internet Security<\/a> taraf\u0131ndan k\u00f6t\u00fc ama\u00e7l\u0131 bir nesne olarak alg\u0131lan\u0131r; yani, indirmeyi veya \u00e7al\u0131\u015ft\u0131rmay\u0131 deneseniz dahi dosyalar\u0131n\u0131za eri\u015fmesine kesinlikle izin verilmez.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kis-trial-ransomware\">\n","protected":false},"excerpt":{"rendered":"<p>Kendisini bir Fortnite hile paketi gibi maskeleyen Syrk fidye yaz\u0131l\u0131m\u0131 kullan\u0131c\u0131lar\u0131 tehdit ediyor. Bu yaz\u0131l\u0131m\u0131n ne oldu\u011funu ve dosyalar\u0131n\u0131z\u0131 nas\u0131l kurtaraca\u011f\u0131n\u0131z\u0131 \u00f6\u011frenin.<\/p>\n","protected":false},"author":2484,"featured_media":6368,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[1225,1995,1703,744,1996,586,537],"class_list":{"0":"post-6367","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-cryptoware","9":"tag-fidye-yazilim-ransomware","10":"tag-fortnite","11":"tag-guvenlik","12":"tag-hileler","13":"tag-oyunlar","14":"tag-tehditler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/ransomware-in-fortnite-cheats\/6367\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/ransomware-in-fortnite-cheats\/16558\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/ransomware-in-fortnite-cheats\/13950\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/ransomware-in-fortnite-cheats\/6454\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ransomware-in-fortnite-cheats\/18497\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ransomware-in-fortnite-cheats\/16590\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/ransomware-in-fortnite-cheats\/15221\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ransomware-in-fortnite-cheats\/19135\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ransomware-in-fortnite-cheats\/17850\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ransomware-in-fortnite-cheats\/23449\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ransomware-in-fortnite-cheats\/28104\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/ransomware-in-fortnite-cheats\/12156\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/ransomware-in-fortnite-cheats\/12265\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/ransomware-in-fortnite-cheats\/11103\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/ransomware-in-fortnite-cheats\/19999\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/ransomware-in-fortnite-cheats\/10155\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ransomware-in-fortnite-cheats\/23971\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/ransomware-in-fortnite-cheats\/24184\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ransomware-in-fortnite-cheats\/18920\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ransomware-in-fortnite-cheats\/23267\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ransomware-in-fortnite-cheats\/23190\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/fortnite\/","name":"fortnite"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2484"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=6367"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6367\/revisions"}],"predecessor-version":[{"id":6737,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6367\/revisions\/6737"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/6368"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=6367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=6367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=6367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}