Makop ransomware is a destructive variant of the Phobos ransomware family, first identified in 2020. Known for its file encryption tactics, Makop locks critical files on the victim’s system, rendering them unusable unless a ransom is paid for their decryption.
In this guide, we’ll discuss Makop ransomware in detail and explain how you can decrypt your files using the Phobos Decryptor. We’ll also provide essential steps to recover from a Makop ransomware attack and safeguard your system against future threats.
Table of Contents
- What is Makop Ransomware?
- How Does Makop Ransomware Spread?
- Technical Details of Makop Ransomware
- Decrypting Makop Ransomware with Phobos Decryptor
- Alternative Recovery Methods
- Preventing Future Ransomware Attacks
What is Makop Ransomware?
Makop ransomware is part of the notorious Phobos ransomware family. Once it infects a system, Makop encrypts the victim’s files, appending a .makop extension to each affected file, followed by a unique ID and the attacker’s email address. The ransomware then leaves a ransom note, typically named +README-WARNING+.txt, which informs the victim that their files have been encrypted and demands a ransom in exchange for the decryption key.
Makop ransomware utilizes strong encryption algorithms, combining AES-256 and RSA-1024, which makes it extremely difficult to decrypt files without the attacker’s private key. Victims are often asked to contact the cybercriminals via email to negotiate the ransom payment, typically in Bitcoin.
Antivirus Detection:
Makop ransomware is detected under various aliases by major antivirus solutions, including:
- Avast: Win32[Ransom]
- BitDefender: Gen.Ransom.Phobos.76
- ESET-NOD32: A Variant Of Win32/Filecoder.Phobos.C
- Kaspersky: HEUR.Trojan-Ransom.Win32.Generic
- Microsoft Defender: Ransom/Makop.B
How Does Makop Ransomware Spread?
Understanding the infection vectors of Makop ransomware is crucial for preventing an attack. Here are the common methods through which Makop can infiltrate your system:
1. Remote Desktop Protocol (RDP) Attacks
Makop primarily targets internet-exposed systems with weak or compromised RDP credentials. Cybercriminals brute-force their way into systems, gain unauthorized access, and then deploy the ransomware.
2. Phishing Emails
Attackers use phishing emails with malicious attachments or links to trick users into downloading the ransomware. Once opened, the ransomware starts encrypting the files.
3. Software Exploits
Makop can also exploit vulnerabilities in outdated or unpatched software, allowing attackers to inject the ransomware into your system.
4. Malicious Websites
Visiting compromised websites or clicking on malicious ads can result in a drive-by download, where the ransomware is installed without the user’s knowledge.
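The RDP brute-force vector described in item 1 leaves a recognisable trail in the Windows Security log. The following detection sketch is an added example, not part of the original article: it flags source IPs with a burst of failed RDP logons (event 4625) and notes whether a successful logon (event 4624) followed. The comma-separated export layout, the sample lines and the function name are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: timestamp, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon. Logon types 3 (network, seen
# with NLA) and 10 (remote interactive) are treated as RDP-related here.
SAMPLE = """\
2024-05-01T02:10:01,4625,3,203.0.113.7,administrator
2024-05-01T02:10:09,4625,3,203.0.113.7,administrator
2024-05-01T02:10:17,4625,3,203.0.113.7,admin
2024-05-01T02:10:25,4625,3,203.0.113.7,admin
2024-05-01T02:10:33,4625,3,203.0.113.7,backup
2024-05-01T02:11:30,4624,10,203.0.113.7,backup
2024-05-01T08:00:00,4625,10,198.51.100.20,jsmith
2024-05-01T08:10:00,4625,10,198.51.100.20,jsmith
2024-05-01T08:10:20,4624,10,198.51.100.20,jsmith
"""
RDP_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=2)):
    """Flag IPs with >= threshold failed RDP logons inside a sliding window."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    tried = defaultdict(set)      # ip -> account names seen in failures
    alerts = {}                   # ip -> finding
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, event_id, logon_type, ip, account = line.split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[ip]
            q.append(when)
            tried[ip].add(account.lower())
            while when - q[0] > window:
                q.popleft()       # drop failures older than the window
            if len(q) >= threshold:
                alerts.setdefault(ip, {"first_alert": when, "success_after": None})
        elif event_id == "4624" and ip in alerts and alerts[ip]["success_after"] is None:
            # Success from an IP already flagged for guessing: treat the
            # account as compromised, isolate the host and reset the password.
            alerts[ip]["success_after"] = (when, account)
    for ip, finding in alerts.items():
        finding["accounts_tried"] = sorted(tried[ip])
    return alerts
```

The second source in the sample (two mistyped passwords ten minutes apart, then a success) stays below the threshold and is not reported.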
Technical Details of Makop Ransomware
Makop ransomware follows a similar attack pattern to other Phobos variants but has several unique characteristics:
File Encryption:
Makop uses a combination of AES-256 and RSA-1024 encryption algorithms. It first encrypts the victim’s files using AES-256, then encrypts the AES key using RSA-1024. This two-layer encryption makes it extremely difficult to decrypt the files without the corresponding decryption key.
File Extensions:
After encryption, Makop appends the .makop extension to all files. For example, a file named document.docx may become document.docx.id[C279F237-2994].[[email protected]].makop.
Ransom Note:
The ransomware leaves a ransom note named +README-WARNING+.txt in multiple directories. The note provides instructions on how to pay the ransom, usually demanding payment in Bitcoin, and threatens permanent file loss if the victim attempts to use third-party decryption tools.

Indicators of Compromise
If files with these hashes are present on your system, there is a great chance you are compromised:
- 7f86b67ac003eda9d2929c9317025013 arestore.exe
- e245f8d129e8eadb00e165c569a14b71 data.exe
- 6A58B52B184715583CDA792B56A0A1ED Advanced_Port_Scanner_2.5.3869.exe
- b69d036d1dcfc5c0657f3a1748608148 Everything.exe
- 9fd28d2318f66e4fe37a9a5bc1637928 YDArk.exe
The Makop ransomware terminates the following processes, among others:
- armsvc.exe
- IntelCpHDCPSvc.exe
- IPROSetMonitor.exe
- msftesql.exe
- OfficeClickToRun.exe
- postgres.exe
- sqlbrowser.exe
- vds.exe
You will also find these files in most folders:
- *.dll
- *.exe
- *.mkp
- +README-WARNING+.txt
- boot.ini
- bootfont.bin
- desktop.ini
- io.sys
- ntdetect.com
- ntldr
- *Iregedit.exe
- System32
- Users\Public
- windows
- Winnt
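A triage sketch for the indicators above, added here as an example and not taken from the original article or from any vendor tool: it walks a directory tree, recognises files renamed in the `.id[...].[...].makop` pattern, collects the victim IDs, counts ransom notes and compares the MD5 of each executable with the hashes listed on this page. The function names are hypothetical, and the victim-ID shape is inferred from the single sample file name shown earlier.

```python
import hashlib
import re
from pathlib import Path

# MD5 -> file name, copied from the indicator list on this page (lower-cased).
PAGE_IOC_MD5 = {
    "7f86b67ac003eda9d2929c9317025013": "arestore.exe",
    "e245f8d129e8eadb00e165c569a14b71": "data.exe",
    "6a58b52b184715583cda792b56a0a1ed": "Advanced_Port_Scanner_2.5.3869.exe",
    "b69d036d1dcfc5c0657f3a1748608148": "Everything.exe",
    "9fd28d2318f66e4fe37a9a5bc1637928": "YDArk.exe",
}
NOTE_NAME = "+README-WARNING+.txt"
# <original name>.id[<victim id>].[<contact email>].makop
# The ID shape (8 hex digits, dash, 4 digits) is an assumption from one sample.
RENAMED = re.compile(
    r"^(?P<orig>.+)\.id\[(?P<vid>[0-9A-Fa-f]{8}-\d{4})\]\.\[(?P<contact>[^\]]+)\]\.makop$",
    re.IGNORECASE,
)

def parse_renamed(name):
    """Return (original_name, victim_id, contact), or None if not Makop-style."""
    m = RENAMED.match(name)
    return (m["orig"], m["vid"].upper(), m["contact"]) if m else None

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()  # MD5 only because the published indicators are MD5
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(root, ioc_md5=PAGE_IOC_MD5):
    """Walk root and report encrypted files, ransom notes and IoC hash hits."""
    report = {"victim_ids": set(), "encrypted": [], "notes": [], "ioc_hits": []}
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        parsed = parse_renamed(p.name)
        if parsed:
            report["encrypted"].append(str(p))
            report["victim_ids"].add(parsed[1])
        elif p.name.lower() == NOTE_NAME.lower():
            report["notes"].append(str(p))
        elif p.suffix.lower() == ".exe":
            digest = md5_of(p)
            if digest in ioc_md5:
                report["ioc_hits"].append((str(p), ioc_md5[digest]))
    return report
```

Run it against a read-only mount or forensic image of the affected disk so that the triage itself does not alter evidence.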
Decrypting Makop Ransomware with Phobos Decryptor
While Makop ransomware uses sophisticated encryption, it is possible to recover your files using a specialized tool: Phobos Decryptor.
How Does Phobos Decryptor Work?
The Phobos Decryptor tool is specifically designed to decrypt files encrypted by Phobos variants, including Makop ransomware. It works by leveraging known vulnerabilities in the ransomware’s encryption process and accessing decryption keys through specialized online servers.
Features of Phobos Decryptor
- Server-Based Decryption: The decryptor requires an internet connection to communicate with servers that store decryption keys for known ransomware strains. It reverses the AES-256 and RSA-1024 encryption used by Makop.
- User-Friendly Interface: The decryptor is simple to use, allowing non-technical users to decrypt their files through a step-by-step process.
- Safe and Effective: Unlike some unreliable third-party tools that may damage your files, Phobos Decryptor is designed specifically for Phobos ransomware variants, including Makop.
Steps to Decrypt Your Files Using Phobos Decryptor
- Purchase the Phobos Decryptor by contacting our team via email or WhatsApp.
- Download the Phobos Decryptor and run it as an administrator on the infected system.
- Ensure the infected device has an active internet connection.
- Enter your unique ID from the ransom note or file names.
- Click “Decrypt Files” to begin the decryption process.
(NOTE: You need an active internet connection to use the tool.)
That’s it! Your files should now be decrypted and accessible.
If you encounter any issues, our team is available to assist via remote desktop support, such as AnyDesk.
Alternative Recovery Methods
Here are some alternative recovery methods you can try (not guaranteed):
1. Free Data Recovery Tools
Tools like PhotoRec or TestDisk can sometimes recover unencrypted versions of your files from residual data on your hard drive. These tools are useful but are often ineffective against advanced ransomware like Makop.
2. System Restore
If you have a System Restore point created before the ransomware attack, you may be able to revert your system to its previous state. This won’t recover encrypted files, but it can help remove the ransomware and restore system functionality.
3. Data Recovery Services
For severe cases, professional data recovery services may be able to retrieve some of your files. However, this can be expensive and is not always guaranteed to work.
Preventing Future Ransomware Attacks
Preventing ransomware attacks is always better than trying to recover from one. Follow these best practices to protect your system against future infections:
1. Regular Software Updates
Keep your operating system and all software up to date to patch security vulnerabilities.
2. Strong Passwords and Two-Factor Authentication (2FA)
Use strong, unique passwords for all accounts, particularly those with RDP access, and enable 2FA for added security.
3. Email Caution
Be cautious when opening emails from unknown sources. Avoid clicking on links or downloading attachments unless you are sure they are safe.
4. Regular Backups
Regularly back up your important files to an external drive or cloud storage. This ensures that even if your system is compromised, you can restore your data.
Conclusion
Makop ransomware is a serious threat that can cause significant damage by encrypting your valuable data. However, with the right tools and knowledge, you can recover your files without paying the ransom. Phobos Decryptor offers a reliable solution to decrypt files affected by Makop ransomware and restore control of your system. By understanding how Makop operates and following preventive measures, you can reduce the risk of future attacks and protect your digital assets.