{"id":1062,"date":"2021-08-06T12:43:19","date_gmt":"2021-08-06T09:43:19","guid":{"rendered":"http:\/\/hilmibilici.com\/blog\/?p=1062"},"modified":"2024-12-02T14:09:21","modified_gmt":"2024-12-02T11:09:21","slug":"__trashed-4","status":"publish","type":"post","link":"http:\/\/hilmibilici.com\/?p=1062","title":{"rendered":"Removing the Kodc Ransomware Virus from the Operating System"},"content":{"rendered":"<p><strong>What is Kodc?<\/strong><br \/>\nDiscovered by Michael Gillespie, Kodc is a malicious program belonging to the Stop \/ <a href=\"https:\/\/tr.wikipedia.org\/wiki\/DjVu\" target=\"_blank\" rel=\"noopener\">Djvu<\/a> ransomware family. On systems infected with this malware, data is encrypted and the affected users receive ransom demands for decryption. When Kodc ransomware encrypts, the &#8220;.kodc&#8221; extension is appended to all files. For example, after encryption a file name such as &#8220;1.jpg&#8221; appears as &#8220;1.jpg.kodc&#8221;, and likewise for all affected files. Once this process is complete, a text file (&#8220;_readme.txt&#8221;) is created on the desktop.<\/p>\n<p>The text file contains the ransom message, which informs victims about the encryption. According to the message, the strongest encryption and a unique key were used to &#8220;lock&#8221; the data, but it tells users that recovery is possible.
It states that the only way to decrypt the files is to purchase decryption tools \/ keys from the cyber criminals behind the attack. The cost of these tools is stated as $980, but the note says this price can be halved ($490) if the malware developers are contacted within the first 72 hours. This can be done by sending an e-mail to the addresses given in the ransom message. To prove that decryption is possible, the criminals offer free decryption of one file, which must not contain valuable information. This test file can be attached to the victims' e-mails. If users receive no reply within six hours, they are asked to check their &#8220;Spam \/ Junk&#8221; e-mail folders. In most cases of ransomware encryption, decryption is not possible without the involvement of the cyber criminals responsible for the infection, unless the ransomware in question is still in development and \/ or has significant flaws \/ bugs.<\/p>\n<p><strong>Should the Ransom Be Paid?<\/strong><\/p>\n<p>Whatever the situation, you are strongly advised not to meet the ransom demands. Despite paying, users often do not receive the tools or software needed to decrypt their data. This leaves them with useless files damaged beyond repair, and they suffer a financial loss on top.
Removing Kodc from the operating system will prevent further encryption, but it does not restore data that has already been compromised. The only solution is to restore the files from a backup, if one was made before the attack and stored in a different location.<\/p>\n<p>A screenshot of a message encouraging users to pay a ransom to decrypt their compromised data is shown below:<\/p>\n<p>&nbsp;<\/p>\n<p>BWNG, Mark, CryLock and 5SS5C are examples of other ransomware-type programs designed to encrypt data and demand payment for the corresponding decryption tools \/ software. The main differences are the encryption algorithm they use (symmetric or asymmetric) and the size of the ransom. The latter usually ranges between three- and four-digit prices (in US dollars). Digital currencies (e.g. cryptocurrencies, prepaid vouchers, etc.) are used because these transactions are difficult \/ impossible to trace. To keep data safe, backups should be stored on remote servers and \/ or unplugged storage devices.
Ideally, backups should be kept in several separate locations.<\/p>\n<h3>How did ransomware infect my computer?<\/h3>\n<p>Ransomware and other malware commonly spread through trojans, spam campaigns, untrustworthy download sources, software &#8220;cracking&#8221; (crack) tools and fake updaters. Trojans are malicious programs with many dangerous capabilities, which can include downloading \/ installing additional malware. &#8220;Spam campaign&#8221; is a term used to describe deceptive e-mails sent on a large scale. These messages are usually presented as &#8220;important&#8221;, &#8220;official&#8221; or &#8220;urgent&#8221;. Infectious files are attached to them (or they contain links leading to such files). Dangerous attachments can come in many different formats, for example archives and executable files, PDF and Microsoft Office documents, JavaScript, etc. When such files are clicked, the virus is launched. Unofficial and free file-hosting websites, P2P sharing networks (BitTorrent, Gnutella, eMule, etc.) and other third-party downloaders are untrustworthy download channels. They can offer malicious content for download, disguised as normal software (or bundled with it).
Instead of activating licensed products, illegal activation (crack) tools can download \/ install malware. Fake updaters infect systems by exploiting weaknesses in outdated programs and \/ or by installing malware instead of the promised updates.<\/p>\n<table id=\"threat-summary\" class=\"threat_properties_table\" style=\"width: 100%; height: 868px;\">\n<caption>Threat Summary:<\/caption>\n<tbody>\n<tr style=\"height: 23px;\">\n<td class=\"threat_table_property_key\" style=\"height: 23px;\"><strong>Name<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 23px;\">Kodc virus<\/td>\n<\/tr>\n<tr style=\"height: 23px;\">\n<td class=\"threat_table_property_key\" style=\"height: 23px;\"><strong>Threat Type<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 23px;\">Ransomware, Crypto Virus, File type corruption.<\/td>\n<\/tr>\n<tr style=\"height: 47px;\">\n<td class=\"threat_table_property_key\" style=\"height: 47px;\"><strong>Encrypted File Extension<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 47px;\">.kodc<\/td>\n<\/tr>\n<tr style=\"height: 47px;\">\n<td class=\"threat_table_property_key\" style=\"height: 47px;\"><strong>Ransom Demand Message<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 47px;\">_readme.txt<\/td>\n<\/tr>\n<tr style=\"height: 23px;\">\n<td class=\"threat_table_property_key\" style=\"height: 23px;\"><strong>Ransom Amount<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 23px;\">$980 \/ $490<\/td>\n<\/tr>\n<tr style=\"height: 47px;\">\n<td class=\"threat_table_property_key\" style=\"height: 47px;\"><strong>Cyber Criminal Contact<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 47px;\">helpmanager@firemail.cc and helpmanager@iran.ir<\/td>\n<\/tr>\n<tr style=\"height: 94px;\">\n<td class=\"threat_table_property_key\" style=\"height: 94px;\"><strong>Detection Names<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 94px;\">AVG (Win32:TrojanX-gen [Trj]), BitDefender (Trojan.GenericKD.42261545), ESET-NOD32 (A Variant Of Win32\/Kryptik.HAIP), Kaspersky (Trojan-Ransom.Win32.Stop.ie), Full List Of Detections (<a href=\"https:\/\/www.virustotal.com\/gui\/file\/c684a416fb8d243688a01d1f558e989fed3469c9265905bd198c67a0882f96ae\/detection\" target=\"_self\" rel=\"noopener noreferrer\">VirusTotal<\/a>)<\/td>\n<\/tr>\n<tr style=\"height: 47px;\">\n<td class=\"threat_table_property_key\" style=\"height: 47px;\"><strong>Rogue Process Name<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 47px;\">updatewin.exe<\/td>\n<\/tr>\n<tr style=\"height: 118px;\">\n<td class=\"threat_table_property_key\" style=\"height: 118px;\"><strong>Symptoms<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 118px;\">Files stored on your computer cannot be opened; previously functional files now have a different extension (for example, my.docx.locked). A ransom demand message is displayed on your desktop. Cyber criminals expect payment of a ransom (usually in bitcoin) to restore your files.<\/td>\n<\/tr>\n<tr style=\"height: 94px;\">\n<td class=\"threat_table_property_key\" style=\"height: 94px;\"><strong>Additional Information<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 94px;\">This malware is designed to show a fake Windows Update window and to modify the Windows &#8220;hosts&#8221; file in order to prevent users from accessing cyber security websites.<\/td>\n<\/tr>\n<tr style=\"height: 70px;\">\n<td class=\"threat_table_property_key\" style=\"height: 70px;\"><strong>Distribution Methods<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 70px;\">Infected e-mail attachments (macros), torrent websites, malicious advertisements, unofficial activation and update tools (cracks)<\/td>\n<\/tr>\n<tr style=\"height: 70px;\">\n<td class=\"threat_table_property_key\" style=\"height: 70px;\"><strong>Damage<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 70px;\">All files are encrypted and cannot be opened without paying a ransom. Additional password-stealing trojans and malware infections can be installed together with a ransomware infection.<\/td>\n<\/tr>\n<tr style=\"height: 165px;\">\n<td class=\"threat_table_property_key\" style=\"height: 165px;\"><strong>Malware Removal (Windows)<\/strong><\/td>\n<td class=\"threat_table_property_value\" style=\"height: 165px;\">To eliminate possible malware infections, scan your computer with legitimate antivirus software. Security researchers recommend using Spyhunter.<br \/>\n<a class=\"btn-dl-green\" href=\"https:\/\/www.pcrisk.com\/download-spyhunter-5\" target=\"_self\" rel=\"noopener noreferrer\">Download Spyhunter<\/a><br \/>\nYou must purchase a license for SpyHunter to use the full-featured product. A limited free trial is available, subject to a forty-eight-hour waiting period.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>How to protect yourself from ransomware infections<\/h3>\n<p>Do not open suspicious and \/ or irrelevant e-mails, especially those from unknown \/ suspicious addresses. Do not open attachments or links found in suspicious mail; doing so can trigger the files to start downloading \/ installing malware. All downloads should be made from official and verified sources. The same applies to program activation and updating, which should be performed using the functions \/ tools provided by the original developers. Illegal activation (&#8220;crack&#8221;) tools and third-party downloaders can cause an infection and should therefore not be used. Install a reputable antivirus \/ anti-spyware suite and keep it up to date. Use this software for regular system scans and to remove detected \/ potential threats.
If your computer is already infected with Kodc, we recommend running a scan with Spyhunter for Windows to eliminate this ransomware automatically.<\/p>\n<p>Text presented in the Kodc ransomware text file (&#8220;<strong>_readme.txt<\/strong>&#8221;):<\/p>\n<p>Screenshot of files encrypted by Kodc (&#8220;<strong>.kodc<\/strong>&#8221; extension):<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-1064\" src=\"http:\/\/hilmibilici.com\/blog\/wp-content\/uploads\/2020\/04\/kodc-ransomware-encrypted-files.jpg\" alt=\"\" width=\"790\" height=\"412\" \/><\/p>\n<p>A screenshot of the fake Windows update window displayed after encryption is shown below:<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-1065\" src=\"http:\/\/hilmibilici.com\/blog\/wp-content\/uploads\/2020\/04\/kodc-ransomware-process.jpg\" alt=\"\" width=\"790\" height=\"656\" \/><\/p>\n<p id=\"djvu-hosts\"><strong>IMPORTANT NOTE!\u00a0<\/strong>&#8211; In addition to encrypting data, ransomware-type infections from the Djvu malware family also add a number of entries to the Windows &#8220;hosts&#8221; file. The entries contain the addresses (URLs) of various websites, most of which are related to malware removal.
This is done to prevent users from accessing malware security websites and seeking help. Our website (PCrisk.com) is also on the list. However, removing these entries is easy &#8211; you can find detailed instructions <a href=\"https:\/\/www.pcrisk.com\/computer-technician-blog\/windows\/12358-how-to-edit-hosts-file-on-windows-10\" target=\"_self\" rel=\"noopener noreferrer\">in this article<\/a> (note that although the steps are shown in a Windows 10 environment, the process is almost identical on all versions of the Microsoft Windows operating system).<\/p>\n<p>There are currently two versions of Djvu ransomware infections, old and new. The old versions were designed to encrypt data using a hard-coded &#8220;offline key&#8221; when the infected machine had no internet connection or the server timed out \/ was not responding. As a result, some victims were able to <a href=\"https:\/\/www.twitter.com\/demonslay335\" target=\"_self\" rel=\"noopener noreferrer\">decrypt<\/a> their data using a tool developed by cyber security researcher <a href=\"https:\/\/www.twitter.com\/demonslay335\" target=\"_self\" rel=\"noopener noreferrer\">Michael Gillespie<\/a>; however, because the encryption mechanism was changed slightly (hence the new version, released in August 2019), that decrypter no longer works and is no longer supported.
If your data was encrypted by an old version, you can restore it with another tool developed by Emsisoft and Michael Gillespie. It supports a total of 148 Djvu variants; you can find more information, the download link and decryption instructions <a href=\"https:\/\/www.emsisoft.com\/ransomware-decryption-tools\/stop-djvu\" target=\"_self\" rel=\"noopener noreferrer\">on Emsisoft's official web page<\/a>.<\/p>\n<p>&#8212;&gt; Of the free ransomware decryption tools, you can download the one relevant to this topic (for STOP\/Djvu) <a href=\"https:\/\/www.emsisoft.com\/ransomware-decryption-tools\/stop-djvu\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n<p>&#8212;&gt; You can also <a href=\"https:\/\/noransom.kaspersky.com\/tr\/\" target=\"_blank\" rel=\"noopener\">review<\/a> the scripts that Kaspersky has created for ransomware.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is Kodc? Discovered by Michael Gillespie, Kodc is a malicious program belonging to the Stop \/ Djvu ransomware family. This malicious&#8230;<\/p>\n","protected":false},"author":1,"featured_media":85086,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[37,48],"tags":[59,107,132,157,192,193,264,265,266,289,325,375,440],"class_list":["post-1062","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bilisim-hukuku","category-windows","tag-5ss5c","tag-bwng","tag-crylock","tag-djvu","tag-fidye-virusu","tag-fidye-yazilimlari","tag-kodc","tag-kodc-fidye-virusu","tag-kodc-virusu","tag-mark","tag-noransomware","tag-ransomware-isletim-sisteminden-kaldirma","tag-stop-djvu-fidye-yazilimi"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/posts\/1062","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1062"}],"version-history":[{"count":2,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/posts\/1062\/revisions"}],"predecessor-version":[{"id":85088,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/posts\/1062\/revisions\/85088"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/media\/85086"}],"wp:attachment":[{"href":"http:\/\/hilmibilici.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1062"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=%2
Fwp%2Fv2%2Ftags&post=1062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}