Core (Makop) Ransomware: A Guide to Removal and Prevention

Ransomware remains one of the most persistent and damaging cyber threats. One of the latest strains identified is Core (Makop) ransomware, which encrypts victims’ files and demands a ransom for decryption. This article will provide a detailed overview of the Core ransomware, including how it operates, its consequences, and a thorough removal guide using SpyHunter. Additionally, we will discuss effective preventive measures to avoid falling victim to similar threats in the future.

---

Core (Makop) Ransomware Overview

Core ransomware belongs to the Makop ransomware family and operates as a file-locking crypto virus that encrypts a victim’s files, making them inaccessible. After encrypting files, it modifies filenames by appending a unique victim ID, the attackers’ email address, and the “.core” extension. It then delivers a ransom note in the form of a text file titled “+README-WARNING+.txt”, warning the victim against unauthorized decryption attempts.

Below is a summary table highlighting the most crucial details of the Core (Makop) ransomware threat:

Attribute	Details
Threat Name	Core (Makop) Ransomware
Threat Type	Ransomware, Crypto Virus, File Locker
Encrypted File Extension	.core (Appended with unique ID and attacker’s email)
Ransom Note File Name	+README-WARNING+.txt
Cybercriminal Contact	corecrypt@hotmail.com
Detection Names	Avast (Win32:Fasec [Trj]), Combo Cleaner (Gen:Variant.Ransom.Makop.50), ESET-NOD32 (A Variant Of Win32/Filecoder.Phobos.E), Kaspersky (HEUR:Trojan-Ransom.Win32.Generic), Microsoft (Ransom:Win32/Phobos.PB!MTB)
Symptoms of Infection	– Inability to open files – File extensions changed to .core – Ransom note displayed on the desktop – Demand for ransom payment in Bitcoin
Distribution Methods	– Infected email attachments (macros) – Malicious torrent downloads – Fake software updates – Exploited security vulnerabilities
Damage	– Files become inaccessible without a decryption key – Additional malware infections possible – Potential financial loss if ransom is paid
Danger Level	High

---

How Core (Makop) Ransomware Operates

1. Infection
   • Core (Makop) ransomware infiltrates systems via malicious email attachments, pirated software, fake software updates, or exploited security flaws.
   • Once executed, it encrypts all files on the device.
2. File Modification
   • The ransomware renames all encrypted files, adding a unique ID, the attacker’s email, and a “.core” extension.
   • Example: document.docx → document.docx.[2AF20FA3].[corecrypt@hotmail.com].core.
3. Ransom Note Deployment
   • After encryption, Core ransomware drops a ransom note named “+README-WARNING+.txt” in various system folders and on the desktop.
   • The note threatens victims and demands a ransom payment in Bitcoin.

---

Core (Makop) Ransom Note: Full Message

!i!i!i!i!i!i!i!i!i!!i!i!i!i!i!i!i!i!i!i!i!i!i

Your files are ENCRYPTED and STOLEN!

Trying to decrypt data in any other way may result in file corruption and data loss.
You can find a mediator to make a deal with us,
but we don't guarantee the security of the deal between you and the mediator.

Contact us at this email address: corecrypt@hotmail.com
Send me ID, which is indicated in the name of your files,
You will receive instructions to resolve this situation.

---

How to Remove Core (Makop) Ransomware and Recover Your Files

Step 1: Do Not Pay the Ransom

• Paying the ransom does not guarantee that you will receive a decryption key.
• Cybercriminals may ignore you or demand more money.

Step 2: Boot Into Safe Mode

1. Restart your computer and press F8/F12 repeatedly (for Windows).
2. Select Safe Mode with Networking.
3. Log in and proceed with malware removal.

Step 3: Use SpyHunter to Remove Core Ransomware

SpyHunter is an advanced anti-malware tool that can detect and remove ransomware threats effectively.

To remove Core ransomware using SpyHunter:

1. Download and Install SpyHunter.
2. Run a Full System Scan: Click Start Scan Now to detect malicious programs.
3. Remove All Detected Threats: After the scan, click Fix Threats to remove ransomware components.

Step 4: Restore Encrypted Files

Unfortunately, there is no free decryption tool available for Core (Makop) ransomware. However, you can try these methods:

Option 1: Restore from Backup

If you have cloud or external backups, restore files from a clean backup.

Option 2: Use Shadow Volume Copies

• Press Win + R, type cmd, and press Enter.
• Run the command:

  vssadmin list shadows

• If Shadow Copies exist, use ShadowExplorer to restore previous file versions.

Option 3: Use Data Recovery Software

Download a reputable data recovery tool like EaseUS Data Recovery Wizard or Recuva.

---

How to Prevent Ransomware Attacks

Maintain Regular Backups

• Store backups on external drives, cloud services, and offline storage.

Enable System Protection

• Activate Windows System Restore to revert to a clean state if infected.

Use Strong Security Software

• Install SpyHunter to detect and block ransomware before it can encrypt files.

Be Cautious with Emails

• Do not open email attachments from unknown senders.
• Verify links before clicking.

Update Software Regularly

• Keep your operating system, browsers, and security software updated.

Disable Macros in Documents

• Microsoft Office macros are often used to execute malware.

Avoid Illegal Downloads

• Stay away from torrent sites and cracked software.

---

Conclusion

Core (Makop) ransomware is a highly dangerous file-locking virus that encrypts data and demands payment. Paying the ransom is not advisable, as it does not guarantee file recovery. Using SpyHunter can effectively remove the malware, but file decryption remains a challenge.

To protect yourself from ransomware attacks, regular backups, security software, and safe browsing practices are essential. If you suspect an infection, act immediately by following the removal guide and implementing strong preventive measures.