The File-Locking Trojan Makop Ransomware Has Been Infecting Computers Across the Globe.
Makop Ransomware is a file-locking Trojan that appends an extension to the files on the compromised computer and demands that the victim pay a ransom in exchange for the decryption key. The encryption routine is supposed to make it impossible for users to access their files without the aforementioned key, but in reality, the Trojan is not that efficient.
Makop Ransomware is generally distributed via spam email or repacked software. It also arrives as a payload of the Trojan downloader Makop.exe or as a secondary payload with Trojan-PSW.Win32.Qhost.gen. When delivered by email, the Trojan arrives in an attachment containing a Microsoft Word document (.DOC) that has been corrupted using a macro to hide the Makop Ransomware payload. Makop encrypts many file types, including ones with the following extensions: .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .ods, .txt, .rtf, .wb2, .123, .wps, and .pdf.
The operators behind Makop Ransomware use various email addresses for contact, including datalost@foxmail.com, davidrecovery@protonmail.com, getdataback@qbmail.biz, crypt@qbmail.biz, and many others. Once contact has been established, victims are instructed to access a payment page hosted on a TOR website.
The ransom demand noted on the site can only be paid in Bitcoin. As with most ransomware strains, Makop ransomware’s owners will offer to decrypt a couple of the victims’ files for free to prove that they have working decryption software and further compel victims into making immediate payment. The attackers will also inquire who or what they have attacked, whether it be a large business, a small business or an individual computer user. Victims are also asked to specify the number of infected PCs, and security experts believe that the demanded ransom will then be crafted based on the size of the victims’ business. Big businesses would then be asked to pay more, while individual users would be asked to pay a ransom fee of $250.
Unfortunately, there is no known free decryptor for Makop Ransomware at this time. The best way to protect yourself from an attack is therefore to keep backups of your files and to use a reputable malware remediation tool to scan for and remove Makop Ransomware.