{"id":9966,"date":"2021-08-31T13:31:00","date_gmt":"2021-08-31T10:31:00","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9966"},"modified":"2021-08-31T13:31:00","modified_gmt":"2021-08-31T10:31:00","slug":"please-install-ransomware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/please-install-ransomware\/9966\/","title":{"rendered":"Please encrypt your server"},"content":{"rendered":"<p>Ransomware usually gets into a corporate network through e-mail, software vulnerabilities, or unprotected remote connections. An insider deliberately deploying malware sounds implausible. However, <a href=\"https:\/\/threatpost.com\/nigerian-solicits-employees-ransomware-profits\/168849\/\" target=\"_blank\" rel=\"noopener nofollow\">real-world evidence<\/a> shows that some attackers consider this delivery method effective, and some of them recruit company employees in exchange for a percentage of the ransom.<\/p>\n<h2>A creative delivery method<\/h2>\n<p>As absurd as it may sound, some look for accomplices through spam messages. 
For example, one such message directly offers \u201c40%, $1 million in bitcoin\u201d to anyone willing to install and deploy the DemonWare ransomware on their company's main Windows server.<\/p>\n<p>Researchers posing as an interested accomplice received a link to a file along with instructions for launching the malware. However, the person behind the e-mail was apparently an inexperienced cybercriminal; the researchers had no trouble getting him to talk. The threat actor in question was a young Nigerian man who had been searching LinkedIn for senior executives to contact. He abandoned his original plan, sending malware by e-mail, once he realized how strong corporate cybersecurity systems are.<\/p>\n<h2>So what was wrong with the plan?<\/h2>\n<p>To convince his targets that taking part in the attack was safe, the threat actor claimed that the ransomware would erase all evidence of the crime, including any security camera footage, and recommended deleting the executable file to avoid leaving any clues. 
Although one might expect that the criminal planned to deceive his accomplices (most likely he would not care what happened to the person responsible once the server was encrypted), he does not seem to have much of an idea of how digital forensic investigations are conducted.<\/p>\n<p>The decision to use DemonWare also gave away his inexperience. Although attackers still use DemonWare, it is actually fairly unsophisticated malware whose source code is available on GitHub. Its creator allegedly developed the malware to demonstrate how easy it is to write ransomware.<\/p>\n<h2>How to protect yourself<\/h2>\n<p>Although this is one specific example, insiders taking part in a ransomware attack is an entirely realistic possibility. Far more likely than someone launching malware on a network, however, is a scenario in which someone sells access to the company's information system.<\/p>\n<p>Access to corporate networks has long been a market on the dark web, and ransomware operators often <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-operators-love-them-key-trends-in-the-initial-access-broker-space\/\" target=\"_blank\" rel=\"noopener nofollow\">buy<\/a> access from other cybercriminals, known as Initial Access Brokers. 
They are the ones who may be especially interested in buying data for remote access to a company's network or cloud servers. Ads for such purchases, aimed at disgruntled or fired employees, circulate on the dark web.<\/p>\n<p>To make sure no one jeopardizes your company's security by letting ransomware operators into your networks, we recommend that you:<\/p>\n<ul>\n<li>Adopt a least-privilege strategy;<\/li>\n<li>Carefully keep records of attempts to access the company's network and servers, and when employees are dismissed, revoke their rights and change passwords;<\/li>\n<li>Install <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">security solutions<\/a> capable of withstanding modern malware on every server;<\/li>\n<li>Use <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/managed-detection-and-response?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener nofollow\">Managed Detection and Response<\/a> solutions, which help detect suspicious activity in your infrastructure before attackers get a chance to do serious damage.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" 
value=\"kesb-trial-leadgen\">\n","protected":false},"excerpt":{"rendered":"<p>Would you encrypt your own server in exchange for a share of the ransom?<\/p>\n","protected":false},"author":2581,"featured_media":9967,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[1271,1243,591],"class_list":{"0":"post-9966","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-calisanlar","10":"tag-erisim","11":"tag-fidye-yazilimi"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/please-install-ransomware\/9966\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/please-install-ransomware\/23217\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/please-install-ransomware\/18704\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/please-install-ransomware\/9347\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/please-install-ransomware\/25253\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/please-install-ransomware\/23322\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/please-install-ransomware\/22689\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/please-install-ransomware\/25877\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/please-install-ransomware\/25388\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/please-install-ransomware\/31357\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/please-install-ransomware\/41419\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/please-install-ransomware\/17524\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/please-install-ransomware\/18014\/"},{"hreflang":"pl","url":"https:\/\/plblo
g.kaspersky.com\/please-install-ransomware\/15176\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/please-install-ransomware\/27243\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/please-install-ransomware\/31506\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/please-install-ransomware\/27451\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/please-install-ransomware\/24266\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/please-install-ransomware\/29591\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/please-install-ransomware\/29396\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/fidye-yazilimi\/","name":"Fidye Yaz\u0131l\u0131m\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9966","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9966"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9966\/revisions"}],"predecessor-version":[{"id":9968,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9966\/revisions\/9968"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/9967"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json
\/wp\/v2\/tags?post=9966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}