{"id":9888,"date":"2021-08-06T11:36:50","date_gmt":"2021-08-06T08:36:50","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9888"},"modified":"2021-08-06T11:48:53","modified_gmt":"2021-08-06T08:48:53","slug":"ransomware-group-policies","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/ransomware-group-policies\/9888\/","title":{"rendered":"Group policies enable ransomware to spread"},"content":{"rendered":"<p>Ransomware creation, with its technical support services, press centers and advertising campaigns, <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/darkside-ransomware-industry\/9535\/\" target=\"_blank\" rel=\"noopener\">turned into an underground industry<\/a> some time ago. As in every other industry, creating a competitive product requires continuous improvement. LockBit, for example, is the latest of the cybercrime groups to advertise the ability to automate the infection of local computers through a domain controller.<\/p>\n<p>LockBit follows the Ransomware-as-a-Service (RaaS) model, providing its customers (the actual attackers) with infrastructure and malware and taking a share of the ransom obtained. Getting into the victim's network is the contractor's responsibility. 
For distributing the ransomware across the network, however, a rather interesting technology designed by LockBit is used.<\/p>\n<h2>Distribution of LockBit 2.0<\/h2>\n<p>According to reports by <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies\/\" target=\"_blank\" rel=\"noopener nofollow\">Bleeping Computer<\/a>, after the attackers gain access to the network and reach the domain controller, they run their malware on the network and then create new user group policies, which are automatically pushed to every device on the network. The policies first disable the operating system's built-in security technology. Other policies then create a scheduled task on all Windows machines to run the ransomware executable.<\/p>\n<p>Bleeping Computer, citing researcher Vitali Kremez, states that the ransomware uses the Windows Active Directory API to perform Lightweight Directory Access Protocol (LDAP) queries in order to obtain the list of computers. 
LockBit 2.0 then bypasses User Account Control (UAC) and starts running silently, without allowing any alert to appear on the device being encrypted.<\/p>\n<p>Apparently, this is the first time mass-market malware has been spread through user group policies. In addition, LockBit 2.0 delivers its ransom message in a rather odd way: by printing the ransom note on all printers connected to the network.<\/p>\n<h2>How can I protect my company from threats like these?<\/h2>\n<p>Keep in mind that a domain controller is really a Windows server and therefore needs protection. Kaspersky Security for Windows Server, which is included in <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">most of our endpoint security solutions for business<\/a> and protects servers running Windows from the most modern threats, should be part of your security measures.<\/p>\n<p>That said, ransomware spreading through group policies indicates that an attack has reached its final stage. 
Malicious activity should be uncovered much earlier, for example when the attackers first enter the network or when they try to take over the domain controller. <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/managed-detection-and-response?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener nofollow\">Managed Detection and Response<\/a> solutions are particularly effective at detecting the signs of this kind of attack.<\/p>\n<p>Most importantly, cybercriminals usually use social engineering techniques and phishing emails for initial access. To keep your employees from being fooled by such methods, improve their <a href=\"https:\/\/k-asap.com\/tr\/?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______&amp;utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=tr_wpplaceholder_nv0092&amp;utm_content=link&amp;utm_term=tr_kdaily_organic_avmwswubv8qh92b\" target=\"_blank\" rel=\"noopener\">cybersecurity awareness<\/a> by holding regular training sessions.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial-leadgen\">\n","protected":false},"excerpt":{"rendered":"<p>The LockBit 2.0 encrypting ransomware can spread across a local network through group policies created on a compromised domain controller. 
<\/p>\n","protected":false},"author":2581,"featured_media":9889,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2455,591],"class_list":{"0":"post-9888","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-etki-alani-denetleyicisi","10":"tag-fidye-yazilimi"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/ransomware-group-policies\/9888\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/ransomware-group-policies\/23123\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/ransomware-group-policies\/18605\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/ransomware-group-policies\/9294\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ransomware-group-policies\/25107\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ransomware-group-policies\/23122\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/ransomware-group-policies\/22466\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ransomware-group-policies\/25745\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ransomware-group-policies\/25234\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ransomware-group-policies\/31178\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ransomware-group-policies\/40877\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/ransomware-group-policies\/17409\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/ransomware-group-policies\/17873\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/ransomware-group-policies\/15096\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/ransomware-group-policies\/27141\/"},{"hreflang":"ja","url":"https:\/\
/blog.kaspersky.co.jp\/ransomware-group-policies\/31314\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/ransomware-group-policies\/27355\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ransomware-group-policies\/24164\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ransomware-group-policies\/29500\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ransomware-group-policies\/29305\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/fidye-yazilimi\/","name":"Fidye Yaz\u0131l\u0131m\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9888"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9888\/revisions"}],"predecessor-version":[{"id":9901,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9888\/revisions\/9901"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/9889"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}