{"id":2533,"date":"2017-05-15T11:30:41","date_gmt":"2017-05-15T08:30:41","guid":{"rendered":"https:\/\/egegen.com\/blog\/?p=2533"},"modified":"2022-09-15T17:42:35","modified_gmt":"2022-09-15T14:42:35","slug":"wannacry-nedir-wannacrydan-etkilenirsek-ne-yapmaliyiz","status":"publish","type":"post","link":"https:\/\/egegen.com\/blog\/wannacry-nedir-wannacrydan-etkilenirsek-ne-yapmaliyiz\/","title":{"rendered":"WannaCry Nedir? WannaCry’dan Etkilenirsek Ne Yapmal\u0131y\u0131z?"},"content":{"rendered":"

Cuma g\u00fcn\u00fc \u00f6\u011fleden sonra ke\u015ffedilen ve ke\u015ffedildi\u011finden bu yana h\u0131zl\u0131 yay\u0131lmaya devam eden WannaCry fidye sald\u0131r\u0131s\u0131<\/strong>, 150’den fazla \u00fclkede 10.000 kurulu\u015f ve 200.000 ki\u015fiyi etkiledi.\u00a0Bununla birlikte, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n yay\u0131lmas\u0131n\u0131 yava\u015flatmak i\u00e7in \u00f6nlemler al\u0131nd\u0131 fakat\u00a0yeni varyasyonlar ortaya \u00e7\u0131kmaya ba\u015flad\u0131.<\/p>\n

Europol Direkt\u00f6r\u00fc Rob Wainwright<\/strong>, BBC’ye, siber sald\u0131r\u0131n\u0131n “kendi \u00e7ap\u0131nda benzeri g\u00f6r\u00fclmedi\u011fini” s\u00f6yledi ve Pazartesi g\u00fcn\u00fc insanlar i\u015fine geri d\u00f6nd\u00fcklerinde muhtemelen devam edece\u011fini de belirtti.\u00a0Microsoft<\/strong>, Windows XP<\/strong> i\u00e7in bir d\u00fczeltme eki yay\u0131nlayarak ola\u011fan d\u0131\u015f\u0131 bir ad\u0131m atarken,\u00a0yetkililer, i\u015fletmelerin sistemlerinin g\u00fcncellenmesini sa\u011flamak i\u00e7in uyar\u0131da bulunuyorlar.<\/p>\n

WannaCry<\/strong>; bilgisayar kullan\u0131c\u0131lar\u0131n\u0131n, bilgisayarlar\u0131n\u0131 yeniden kullanabilmeleri i\u00e7in belirli bir \u00fccret \u00f6deyene kadar bilgisayarlar\u0131 kullanamaz hale getiren bir fidye yaz\u0131l\u0131md\u0131r. En fazla \u0130ngiltere’nin etkilendi\u011fi bu sald\u0131r\u0131 \u00fclkemizi de etkisi alt\u0131na ald\u0131. BTK Ba\u015fkan\u0131<\/strong> \u00d6mer Fatih Sayan’\u0131n yapt\u0131\u011f\u0131 a\u00e7\u0131klamaya g\u00f6re; \u00fclkemizin siber g\u00fcvenlik merkezi USOM<\/strong> \u00f6n alma operasyonlar\u0131na devam ediyor.<\/p>\n

MalwareTech<\/strong> adl\u0131 22 ya\u015f\u0131ndaki bir siber g\u00fcvenlik uzman\u0131, fidye kodunda ke\u015ffedilen bir alan ad\u0131n\u0131 kaydederek\u00a0sald\u0131r\u0131y\u0131 yava\u015flatt\u0131.\u00a0BBC<\/strong>‘ye yapt\u0131\u011f\u0131 a\u00e7\u0131klamada, d\u00fczeltmesinin etraf\u0131nda \u00e7al\u0131\u015fan ba\u015fka bir sald\u0131r\u0131n\u0131n daha yak\u0131nda olaca\u011f\u0131n\u0131 s\u00f6yledi.<\/p>\n

\"\"<\/p>\n

Ara\u015ft\u0131rmac\u0131lar bu tweetten sonra fidye yaz\u0131l\u0131m\u0131n\u0131n iki yeni varyasyonunu ke\u015ffettiler. Biri ba\u015fka bir alan ad\u0131 kayd\u0131 ile engellendi, ancak di\u011fer varyant\u0131n acil anahtar\u0131 olmad\u0131\u011f\u0131ndan\u00a0k\u0131smen \u00e7al\u0131\u015fmaya devam ediyor.\u00a0Yaz\u0131l\u0131m, Windows XP’de bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kullan\u0131yor ve bir kere vir\u00fcs bula\u015ft\u0131rd\u0131\u011f\u0131nda, dosyalar\u0131 \u015fifreliyor ve di\u011fer bilgisayarlara yay\u0131yor.\u00a0Ma\u011fdurlara, tekrar eri\u015fim sa\u011flamak i\u00e7in Bitcoin’de 300 dolarl\u0131k bir \u00f6deme talebi geliyor.\u00a0Bununla birlikte, sald\u0131r\u0131n\u0131n yayg\u0131nl\u0131\u011f\u0131na ra\u011fmen, faillerin yaln\u0131zca 20.000 dolar civar\u0131nda \u00f6deme yapt\u0131klar\u0131 san\u0131l\u0131yor.<\/p>\n

Europol, sald\u0131r\u0131n\u0131n arkas\u0131ndaki insanlar\u0131 ke\u015ffetmek i\u00e7in Federal Soru\u015fturma B\u00fcrosu ile birlikte \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131 belirtti.<\/p>\n

Microsoft, WannaCry Sald\u0131r\u0131s\u0131na Kar\u015f\u0131 G\u00fcncelleme Yay\u0131nlad\u0131<\/h2>\n

Microsoft<\/strong>,\u00a0WannaCry fidye yaz\u0131l\u0131m\u0131ndan\u00a0kullan\u0131c\u0131lar\u0131n daha fazla hasar g\u00f6rmesini \u00f6nlemek i\u00e7in bir g\u00fcvenlik d\u00fczeltme eki yay\u0131nlad\u0131. Bu g\u00fcncelleme; Windows 7<\/strong>, Windows 8<\/strong> ve Windows Serves 2003<\/strong> kullan\u0131c\u0131lar\u0131n\u0131 korumak i\u00e7in yay\u0131nlanan bir\u00a0g\u00fcncellemedir.\u00a0Yakla\u015f\u0131k \u00fc\u00e7 y\u0131l \u00f6nce deste\u011finin sona erdi\u011fi bu s\u00fcr\u00fcmlerin WannaCry’dan daha fazla zarar g\u00f6rmesini \u00f6nlemek amac\u0131yla bir g\u00fcvenlik d\u00fczeltme eki piyasaya s\u00fcr\u00fcld\u00fc.<\/p>\n

WannaCry<\/strong>; T\u00fcrkiye de dahil olmak \u00fczere d\u00fcnyan\u0131n 100’den fazla \u00fclkesine yay\u0131lm\u0131\u015ft\u0131r. \u0130ngiltere’nin sa\u011fl\u0131k sistemi, \u0130spanyol telefon \u015firketi Telefonica vb. olmak \u00fczere pek \u00e7ok hizmeti engelleyen ve ABD Ulusal G\u00fcvenlik Ajans\u0131 (NSA) taraf\u0131ndan geli\u015ftirilen bir sistem a\u00e7\u0131\u011f\u0131ndan\u00a0kaynaklanan\u00a0bir sald\u0131r\u0131d\u0131r. Buna ek olarak, Windows’un\u00a0desteklenen s\u00fcr\u00fcmlerinden herhangi birisini, \u00f6zellikle de Windows 10<\/strong>‘u kullan\u0131yorsan\u0131z sald\u0131r\u0131dan uzaks\u0131n\u0131z demektir.<\/p>\n

WannaCry’dan Nas\u0131l Korunursunuz?<\/h2>\n

Windows G\u00fcncellemesini Yap\u0131n<\/h3>\n

Vir\u00fcs, Mart’ta \u00e7\u0131kan Microsoft g\u00fcvenlik g\u00fcncellemesi olan MS17-010 taraf\u0131ndan kapat\u0131lan ETERNALBLUE exploit’i kullanmaktad\u0131r. G\u00fcncelleme merkezinden bilgisayar\u0131n\u0131zda b\u00f6tle bir g\u00fcncelleme olup olmad\u0131\u011f\u0131n\u0131 kontrol edin. E\u011fer g\u00fcncelleme yoksa Microsoft’un web sitesinden indirin ve kurun.<\/p>\n

135 ve 445 Portunu Kapat\u0131n<\/h3>\n

Antivir\u00fcs \u015firketlerinin yay\u0131nlad\u0131klar\u0131 raporlara g\u00f6re WannaCry<\/strong>, Sunucu \u0130leti Blo\u011fu’nun oldu\u011fu ba\u011flant\u0131 noktalar\u0131na giriyor.\u00a0Penetrasyonu engellemek ad\u0131na vir\u00fcs\u00fcn i\u00e7eriye girdi\u011fi 135 ve 445 numaral\u0131 ba\u011flant\u0131 noktalar\u0131n\u0131 \u00f6nleyin. Bunun i\u00e7in y\u00f6netici konsolunu admin modunda a\u00e7man\u0131z ve a\u015fa\u011f\u0131da verdi\u011fimiz kodlar\u0131 \u00e7al\u0131\u015ft\u0131rman\u0131z gerekir. Her komuttan sonra “OK” yaz\u0131s\u0131n\u0131 g\u00f6rmeniz gerekmektedir.<\/p>\n

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name=\u201dBlock_TCP-135\u2033<\/p>\n

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name=\u201dBlock_TCP-445\u2033<\/p>\n

SMBv1 Deste\u011fini Devre D\u0131\u015f\u0131 B\u0131rak\u0131n<\/h3>\n

G\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kapatmak amac\u0131yla SMBv1 deste\u011fini devre d\u0131\u015f\u0131 b\u0131rakmal\u0131s\u0131n\u0131z. Bu komutu y\u00f6netici olarak \u00e7al\u0131\u015ft\u0131rmal\u0131s\u0131n\u0131z.<\/p>\n

WannaCry’dan Etkilenirseniz Ne Yapacaks\u0131n\u0131z?<\/h3>\n

Sisteminiz zaten WannaCry<\/strong>‘dan etkilenmi\u015fse \u015fifrelenmi\u015f dosyalar\u0131n\u0131z\u0131 kurtarabilece\u011finizi bilmelisiniz. \u0130zleyece\u011finiz ad\u0131mlar \u015funlard\u0131r;<\/p>\n

    \n
  1. A\u011f ba\u011flant\u0131s\u0131n\u0131 bilgisayar\u0131n\u0131zdan kald\u0131r\u0131n.\u00a0Bu, a\u011f kablosunu kald\u0131rarak veya bilgisayar\u0131n\u0131zdaki kablosuz i\u015flevini kapatarak yap\u0131labilir. Bu fidye yaz\u0131l\u0131m\u0131n\u0131n yay\u0131lmas\u0131n\u0131 \u00f6nlemenizi sa\u011flayacakt\u0131r.<\/li>\n
  2. \u0130ster diz\u00fcst\u00fc bilgisayar ister i\u015f istasyonu i\u015flem birimi olsun, etkilenen bilgisayar\u0131n\u0131z\u0131 yeniden ba\u015flat\u0131n.<\/li>\n
  3. Vir\u00fcs bula\u015fm\u0131\u015f bilgisayar\u0131n\u0131z\u0131\u00a0yeniden kurduktan sonra yapt\u0131\u011f\u0131n\u0131z yedeklemeden sisteminizi geri y\u00fckleyebilirsiniz.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

    Cuma g\u00fcn\u00fc \u00f6\u011fleden sonra ke\u015ffedilen ve ke\u015ffedildi\u011finden bu yana h\u0131zl\u0131 yay\u0131lmaya devam eden WannaCry fidye sald\u0131r\u0131s\u0131, 150’den fazla \u00fclkede 10.000 kurulu\u015f ve 200.000 ki\u015fiyi etkiledi.\u00a0Bununla birlikte, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n yay\u0131lmas\u0131n\u0131 yava\u015flatmak i\u00e7in \u00f6nlemler al\u0131nd\u0131 fakat\u00a0yeni varyasyonlar ortaya \u00e7\u0131kmaya ba\u015flad\u0131. Europol Direkt\u00f6r\u00fc Rob Wainwright, BBC’ye, siber sald\u0131r\u0131n\u0131n “kendi \u00e7ap\u0131nda benzeri g\u00f6r\u00fclmedi\u011fini” s\u00f6yledi ve Pazartesi g\u00fcn\u00fc insanlar …<\/p>\n","protected":false},"author":1,"featured_media":2536,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[184],"tags":[],"_links":{"self":[{"href":"https:\/\/egegen.com\/blog\/wp-json\/wp\/v2\/posts\/2533"}],"collection":[{"href":"https:\/\/egegen.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/egegen.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/egegen.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/egegen.com\/blog\/wp-json\/wp\/v2\/comments?post=2533"}],"version-history":[{"count":0,"href":"https:\/\/egegen.com\/blog\/wp-json\/wp\/v2\/posts\/2533\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/egegen.com\/blog\/wp-json\/wp\/v2\/media\/2536"}],"wp:attachment":[{"href":"https:\/\/egegen.com\/blog\/wp-json\/wp\/v2\/media?parent=2533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/egegen.com\/blog\/wp-json\/wp\/v2\/categories?post=2533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/egegen.com\/blog\/wp-json\/wp\/v2\/tags?post=2533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}