{"id":8188,"date":"2020-05-04T14:28:01","date_gmt":"2020-05-04T11:28:01","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=8188"},"modified":"2020-05-04T14:28:01","modified_gmt":"2020-05-04T11:28:01","slug":"shade-decryptor-2020","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/shade-decryptor-2020\/8188\/","title":{"rendered":"Shade fidye yaz\u0131l\u0131m\u0131n\u0131n t\u00fcm t\u00fcrlerini \u00e7\u00f6z\u00fcn"},"content":{"rendered":"<p>Shade fidye yaz\u0131l\u0131m\u0131n\u0131 hat\u0131rl\u0131yor musunuz? Bu g\u00f6nderiyi yazmam\u0131z\u0131n sebebi, Shade\u2019in art\u0131k bir tehdit olmaktan \u00e7\u0131kmas\u0131 ve en son s\u00fcr\u00fcmleri taraf\u0131ndan \u015fifrelenmi\u015f olan dosyalar\u0131n\u0131z\u0131 bile geri alabilecek olman\u0131z. Bunun nas\u0131l oldu\u011funa bir bakal\u0131m.<\/p>\n<h2>Shade fidye yaz\u0131l\u0131m\u0131 nedir?<\/h2>\n<p>Troldesh olarak da bilinen Shade, 2015\u2019te yay\u0131lmaya ba\u015flayan k\u00f6t\u00fc ama\u00e7l\u0131 bir \u015fifreleyici. Ofis belgelerini, resimleri ve ar\u015fivleri ve di\u011fer baz\u0131 dosya t\u00fcrlerini \u015fifreleyerek kurbanlardan \u015fifre \u00e7\u00f6zme i\u00e7in \u00f6deme yapmalar\u0131n\u0131 istiyordu. Farkl\u0131 t\u00fcrler, break_bad ve da_vinci_code gibi s\u00fcsl\u00fc dosya adlar\u0131 kullan\u0131yordu. Shade arkada\u015flar\u0131n\u0131 da beraberinde getiriyor, istedi\u011fi her \u015feyi \u015fifreledikten sonra di\u011fer k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131 da indiriyordu.<\/p>\n<p>2016 y\u0131l\u0131nda, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m analistlerimiz Shade\u2019in farkl\u0131 s\u00fcr\u00fcmleri i\u00e7in <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/shade-decryptor\/2277\/\" target=\"_blank\" rel=\"noopener\">bir \u015fifre \u00e7\u00f6z\u00fcc\u00fc olu\u015fturmay\u0131 ba\u015fard\u0131<\/a>. Bu, anahtarlarla sunucular\u0131 ele ge\u00e7iren polis ve g\u00fcvenlik ara\u015ft\u0131rmac\u0131lar\u0131 aras\u0131ndaki i\u015fbirli\u011fi sayesinde ger\u00e7ekle\u015fti.<\/p>\n<p>Bununla birlikte, Shade\u2019in arkas\u0131ndaki grup hi\u00e7bir yere kaybolmad\u0131 ve \u015fifre \u00e7\u00f6z\u00fcc\u00fcn\u00fcn \u00e7al\u0131\u015fmad\u0131\u011f\u0131 yeni fidye yaz\u0131l\u0131m t\u00fcrleri geli\u015ftirmeye devam etti. Su\u00e7lular Shade\u2019i yaymaya devam etti ve 2019 ortas\u0131na kadar olduk\u00e7a aktif kald\u0131lar.<\/p>\n<h2>Shade\u2019in arkas\u0131ndaki grup<\/h2>\n<p>Sonunda i\u015fler de\u011fi\u015fti. 2019\u2019un sonlar\u0131nda ve 2020\u2019nin ba\u015flar\u0131nda, Shade fidye yaz\u0131l\u0131m\u0131 ile kar\u015f\u0131la\u015fan kullan\u0131c\u0131 say\u0131s\u0131 \u00f6nceki y\u0131llara k\u0131yasla \u00f6nemli \u00f6l\u00e7\u00fcde d\u00fc\u015ft\u00fc. Ard\u0131ndan, fidye yaz\u0131l\u0131m\u0131n arkas\u0131ndaki su\u00e7lular, bu yaz\u0131l\u0131m\u0131 b\u0131rakmaya karar verdiklerini duyurdu. Hatta verdikleri zarar i\u00e7in \u00f6z\u00fcr dilediler ve dosyalar\u0131n \u015fifresini \u00e7\u00f6zmek i\u00e7in yakla\u015f\u0131k 750.000 anahtar <a href=\"https:\/\/github.com\/shade-team\/keys\" target=\"_blank\" rel=\"noopener nofollow\">yay\u0131nlad\u0131lar<\/a>.<\/p>\n<div class=\"infogram-embed\" data-id=\"_\/GuDlnEXM1a4vrjeoO8Yf\" data-type=\"interactive\" data-title=\"Shade Ransomware\"><\/div>\n<p><script>!function(e,n,i,s){var d=\"InfogramEmbeds\";var o=e.getElementsByTagName(n)[0];if(window[d]&&window[d].initialized)window[d].process&&window[d].process();else if(!e.getElementById(i)){var r=e.createElement(n);r.async=1,r.id=i,r.src=s,o.parentNode.insertBefore(r,o)}}(document,\"script\",\"infogram-async\",\"https:\/\/e.infogram.com\/js\/dist\/embed-loader-min.js\");<\/script><\/p>\n<p>Bu, \u015fifre \u00e7\u00f6zme yard\u0131mc\u0131 program\u0131n\u0131 g\u00fcncellemek i\u00e7in iyi bir neden; biz de tam olarak bunu yapt\u0131k. Yeni <a href=\"https:\/\/support.kaspersky.com\/13059?_ga=2.27044596.858346383.1588243768-313061628.1558015910\" target=\"_blank\" rel=\"noopener\">Shade \u015fifre \u00e7\u00f6z\u00fcc\u00fcye<\/a> art\u0131k <a href=\"https:\/\/noransom.kaspersky.com\/tr\/\" target=\"_blank\" rel=\"noopener\">noransom.kaspersky.com<\/a> adresinden ula\u015fabilirsiniz ve Shade\u2019in hangi s\u00fcr\u00fcm\u00fc ba\u015f\u0131n\u0131z\u0131 belaya sokmu\u015f olursa olsun, Shade taraf\u0131ndan \u015fifrelenen dosyalar\u0131 de\u015fifre edebilirsiniz.<\/p>\n<p>Unutmay\u0131n, o an i\u00e7in dosyalar\u0131n\u0131z\u0131 geri alabilecek bir \u015fifre \u00e7\u00f6z\u00fcc\u00fc olmasa bile <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/no-no-ransom\/2582\/\" target=\"_blank\" rel=\"noopener\">fidye \u00f6dememeniz gerekti\u011fini daima s\u00f6yl\u00fcyoruz<\/a>; \u00e7\u00fcnk\u00fc eninde sonunda bir \u015fifre \u00e7\u00f6z\u00fcc\u00fc olu\u015fturulacakt\u0131r. Bu olay, ba\u015fka bir t\u00fcr fidye yaz\u0131l\u0131m\u0131 taraf\u0131ndan sald\u0131r\u0131ya u\u011fram\u0131\u015f olsan\u0131z bile, \u015fifrelenmi\u015f dosyalar\u0131n\u0131z\u0131 saklayarak beklemeniz gerekti\u011finize harika bir \u00f6rnek. Bir g\u00fcn, bekledi\u011finiz \u015fifre \u00e7\u00f6z\u00fcc\u00fc \u00e7\u0131kacak.<\/p>\n<h2>Kurtar\u0131lmak yerine en ba\u015fta g\u00fcvende kalmay\u0131 tercih edin<\/h2>\n<p>T\u00fcm Shade kurbanlar\u0131n\u0131n art\u0131k dosyalar\u0131n\u0131 geri alabilmeleri harika bir haber. Ancak, dosyalar\u0131 olay\u0131n ba\u015f\u0131nda kaybetmeselerdi onlar i\u00e7in daha iyi olurdu. Bu nedenle fidye yaz\u0131l\u0131mlar\u0131na kurban gitmemenize yard\u0131mc\u0131 olacak her zamanki \u00fc\u00e7 ipucumuzu tekrar ediyoruz:<\/p>\n<ul>\n<li>D\u00fczenli yedeklemeler yap\u0131n. Bunu nas\u0131l yapaca\u011f\u0131n\u0131z\u0131 <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/how-to-backup\/4212\/\" target=\"_blank\" rel=\"noopener\">ba\u011flant\u0131da a\u00e7\u0131klad\u0131k<\/a>.<\/li>\n<li>\u015e\u00fcpheli ba\u011flant\u0131lara t\u0131klamay\u0131n ve bilinmeyen g\u00f6nderenlerden gelen e-posta eklerini a\u00e7may\u0131n. Temel olarak sa\u011fduyunuzu kullan\u0131n ve \u00f6\u011frenin. Her zamanki sald\u0131r\u0131 vekt\u00f6rlerini \u00f6\u011frendikten sonra, Shade gibi tehditlerden ka\u00e7\u0131nmak \u00e7ok daha kolay olacakt\u0131r.<\/li>\n<li><a href=\"http:\/\/kas.pr\/kdkistr\" target=\"_blank\" rel=\"noopener\">\u0130yi bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc<\/a> kullan\u0131n. Potansiyel tehditleri tespit etmede ger\u00e7ekten iyi oldu\u011funuzu d\u00fc\u015f\u00fcnseniz bile, t\u0131pk\u0131 ip \u00fcst\u00fcnde binlerce defa y\u00fcr\u00fcm\u00fc\u015f bir cambaz\u0131n yine de g\u00fcvenlik halat\u0131 olmas\u0131 gibi, g\u00fcvenilir bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc sizi binde bir de olsa kar\u015f\u0131la\u015fabilece\u011finiz bir kazadan korur.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kis-trial-ransomware\">\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky ara\u015ft\u0131rmac\u0131lar\u0131, t\u00fcm Shade\/Troldesh fidye yaz\u0131l\u0131m\u0131 t\u00fcrleri taraf\u0131ndan \u015fifrelenmi\u015f dosyalar\u0131 geri almaya yard\u0131mc\u0131 olabilecek bir \u015fifre \u00e7\u00f6z\u00fcc\u00fc yay\u0131nlad\u0131.<\/p>\n","protected":false},"author":40,"featured_media":7656,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[591,982,928,1304],"class_list":{"0":"post-8188","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-fidye-yazilimi","9":"tag-noransom","10":"tag-shade","11":"tag-sifre-cozuculer"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/shade-decryptor-2020\/8188\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/shade-decryptor-2020\/21140\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/shade-decryptor-2020\/16645\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/shade-decryptor-2020\/8203\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/shade-decryptor-2020\/22168\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/shade-decryptor-2020\/19892\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/shade-decryptor-2020\/18610\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/shade-decryptor-2020\/22618\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/shade-decryptor-2020\/21534\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/shade-decryptor-2020\/28311\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/shade-decryptor-2020\/35246\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/shade-decryptor-2020\/14794\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/shade-decryptor-2020\/15155\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/shade-decryptor-2020\/13417\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/shade-decryptor-2020\/23912\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/shade-decryptor-2020\/11416\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/shade-decryptor-2020\/28239\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/shade-decryptor-2020\/25387\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/shade-decryptor-2020\/22204\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/shade-decryptor-2020\/27484\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/shade-decryptor-2020\/27319\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/fidye-yazilimi\/","name":"Fidye Yaz\u0131l\u0131m\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=8188"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8188\/revisions"}],"predecessor-version":[{"id":8189,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8188\/revisions\/8189"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/7656"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=8188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=8188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=8188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}