
Makop Ransomware

Posted: August 10, 2020

The Makop Ransomware is a file-locking Trojan family that provides variants to third-party threat actors for a fee. Attackers then launch pseudo-custom campaigns for locking Windows users' media files with encryption and offering a ransom-based unlocking service. Users should protect any high-risk or valuable data with backups and have anti-malware services active for removing members of the Makop Ransomware family as soon as possible.

Small-Time Trojan Families Causing More than Little Data Problems

With variants under analysis since April, the Makop Ransomware's family is steadily, but very slowly, increasing in numbers. At its current rate, it's unlikely to ever match the 'great' names in the Ransomware-as-a-Service field, like Russia's Scarab Ransomware, Asia's STOP Ransomware or the Crysis Ransomware. However, for anyone in the statistically unlikely scenario of an infection, the relative rarity of the Makop Ransomware variations is cold comfort.

Versions of the Makop Ransomware that malware researchers have previously analyzed include the Origami Ransomware, the Shootlock Ransomware, the ZES Ransomware and the Zbw Ransomware. Features consistent between them include running on Windows with limited external software dependencies, creating Notepad text messages as ransom notes and blocking files. The Makop Ransomware defaults to AES encryption with an RSA key, making it a traditional but secure threat with few opportunities for 'cracking' its file-locking method.

The media that the Makop Ransomware encrypts and locks may include various documents, spreadsheets, non-text media like pictures or music, and even movies or archives. Although the extensions are semi-variable, the first version of the Makop Ransomware uses 'makop,' while others append different strings from their names, in turn. The Makop Ransomware's members also include bracketed e-mail addresses for negotiating over the ransom, usually with a free service like ProtonMail.
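The naming pattern described above can be used to triage a file listing during incident response. The following is an added example, not code from the original article: it assumes the bracketed e-mail address and the appended extension sit at the end of the file name, and that each variant's extension is its lowercased name as listed on this page. All sample file names and addresses are constructed.

```python
import re
from collections import defaultdict

# Extensions derived from the variant names on this page. That each variant
# appends its lowercased name is an assumption of this example.
FAMILY_EXTENSIONS = {"makop", "origami", "shootlock", "zes", "zbw"}

# A bracketed e-mail address followed by one final extension, e.g.
# "report.docx.[contact@example.com].makop" (constructed name).
MARKER = re.compile(
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+\.[^\[\]\s@]+)\]"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)

def classify(filename):
    """Return (prefix, email, ext, known_family) or None if no marker."""
    m = MARKER.search(filename)
    if m is None:
        return None
    ext = m.group("ext").lower()
    return (filename[:m.start()], m.group("email").lower(),
            ext, ext in FAMILY_EXTENSIONS)

def triage(filenames):
    """Group suspected locked files by contact address and extension."""
    hits = defaultdict(list)
    for name in filenames:
        result = classify(name)
        if result is not None:
            prefix, email, ext, known = result
            hits[(email, ext, known)].append(prefix)
    return dict(hits)

# Constructed sample listing.
SAMPLE = [
    "budget.xlsx.[helpdesk@example.com].makop",
    "holiday.jpg.[helpdesk@example.com].MAKOP",
    "notes.txt.[other@example.org].zes",
    "minutes.docx.[other@example.org].newvar",  # same pattern, unlisted extension
    "archive.[2020].zip",                       # brackets without an e-mail
    "readme.txt",
]

if __name__ == "__main__":
    for (email, ext, known), files in sorted(triage(SAMPLE).items()):
        label = "listed variant" if known else "pattern match, unlisted extension"
        print(f"{email} .{ext} ({label}): {len(files)} file(s)")
```

Names that match the pattern but carry an unlisted extension are reported separately, since the article notes that the extensions vary between variants.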

Securing Your Files from a Trojan Family Waiting in the Wings

Breaking the key-secured encryption of a small Trojan family isn't any more straightforward than doing so for large ones like STOP Ransomware, and malware experts always recommend against assuming that decryption is possible. For countering file-locking attacks, most Windows users should store their files in safe places, such as cloud services or detachable drives. Networks are often targets of attacks by threats like the Makop Ransomware and should have appropriate password and privileges management for limiting a Trojan's access to files.

The Makop Ransomware's family may circulate through any exploits that a single affiliate attacker prefers. Web browsers can inadvertently endanger users by loading unsafe content, such as JavaScript or Flash. Out-of-date software may also host vulnerabilities that are known to the public and subject to exploitation. Attackers can even brute-force passwords for targets randomly, or use sophisticated disguises for e-mail attachments, such as fake invoices with macros.

Anti-malware products from trustworthy companies also are proven forms of self-defense against file-locker Trojans.

The prosperity of Trojans like the Makop Ransomware is entirely up to those who encounter it out in the wild. A backup a day is the only requirement for becoming immune to the whole Ransomware-as-a-Service industry, and freeware imitators, to boot.
