What is Makop file extension
.Makop file extension is a file extension that is used by a malware belonging to the Ransomware category. Makop ransomware is very similar in its characteristics to other ransomware. It also encrypts files, and then renames them. The filename of the encrypted file consists of its old name and the “.[ID-USERID].[EMAIL].makop” extension appended to the right. Criminals demand a ransom for a key-decryptor pair, which is necessary to unlock encrypted data.
Currently, there are already about 20 variants of the Makop ransomware, which differ in the extension added to the encrypted files: “.[farik1@protonmail.com].makop”, “.[restoring.data@protonmail.com].makop”, “.[admcphel@protonmail.ch].makop”, “.[antiransomware@aol.com].makop”, “.[data.compromised@protonmail.com].makop”, “.[akzhq12@cock.li].makop”, “.[viginare@aol.com].makop”, “.[giantt1@protonmail.com].makop”, “.[verilerimialmakistiyorum@inbox.ru].makop”, “.[ww6666@protonmail.com].makop”, “.[moncler@cock.li].makop”, “.[xaodecrypt@protonmail.com].makop”, “.[prndssdnrp@mail.fr].makop”, “.[cock89558@cock.li].makop”, “.[MikeyMaus77@protomail.com].makop”, “.[buydecryptor@cock.li].makop”, “.[modeturbo@aol.com].makop” and “.[helpdesk_makp@protonmail.ch].makop”.
What is Makop ransomware
Makop ransomware is a malware that belongs to the category of ransomware. It appends the ‘.makop’ extension to each file that it encrypts using a complex encryption mechanism. As other ransomware, it can use the same distribution methods (spam emails, adware, cracks, key generators and so on). Upon execution, the Makop ransomware collects information about the computer and then proceeds to encrypt the files located on it. The following common file types can be encrypted:
.odp, .xlsx, .m4a, .wp5, .wmo, .mdb, .wn, .wmf, .rb, .bay, .xml, .wmd, .map, .wbc, .ncf, .hplg, .itdb, .wmv, .sum, .sie, .kf, .pdf, .srf, .wb2, .js, .xwp, .bar, .wps, .vpk, .lbf, .psd, .wpw, .sql, .ods, .vtf, .srw, .zif, .cdr, .xy3, .sidn, .mlx, .apk, .odc, .tor, .webdoc, .pak, .wbm, .rar, .wp6, .wcf, .x, .xf, .raw, .syncdb, .dng, .itl, .slm, .iwi, .sis, .xar, .ibank, .jpg, .hkdb, .wdp, .ztmp, .vdf, .ptx, .p7b, .x3f, .p7c, .bkp, .big, .gdb, .wri, .avi, .xpm, .3dm, .mcmeta, .cas, .dmp, .xbplate, .dcr, .mdf, .cfr, .ysp, .wdb, .webp, .hvpl, .3ds, .xld, .snx, .rofl, .py, .vfs0, .sr2, .eps, .y, .upk, .xlsm, .pfx, .kdb, .mov, .pef, .rwl, .crt, .wbk, .litemod, .sav, .svg, .wpe, .mddata, .qic, .vpp_pc, .t12, .orf, .raf, .qdf, .asset, .cer, .wma, .kdc, .dwg, .wsh, .wbz, .jpe, .wpa, .m3u, .2bp, .d3dbsp, .zdc, .xmind, .jpeg, .yal, .db0, .ws, .xls, .wmv, .bkf, .wp7, .crw, .1st, .wma, .xll, .odm, .hkx, .pptx, .tax, .xlgc, .pdd, .dbf, .epk, .z3d, .dazip, .das, .der, .psk, .m2, .bc7, .ff, .arw, .xdl, .re4, .3fr, .csv, .flv, .odt, .pkpass, .rgss3a, .wp4, .lvl, .bik, .xlsm, .sidd, .cr2, .wsd, .xyw, .zip, .wpl, .rtf, .mrwref, .zw, .xbdoc, .doc, .xxx, .iwd, .t13, .pptm, .lrf, .xmmap, wallet, .wgz, .pst, .wbmp, .0, .mp4, .wire, .sid, .wotreplay, .docm, .x3d, .wot, .accdb, .p12, .wbd, .7z, .nrw, .wp, .rw2, .xlsb, .pem, .erf, .bsa, .mef, .xyp, .indd, .mpqge, .ntl, .layout, .rim, .menu, .bc6, .yml, .ai, .zabw, .xdb, .wav, .ltx, .zdb, .forge, .wpd, .fpk, .ppt, .vcf, .png, .desc, .blob, .docx, .arch00, .wpg, .xlk, .wpb, .zi, .txt, .css, .sb, .fos, .gho, .r3d, .wpd
No files will be skipped. All documents, photos, archives located on local disks, system disks and connected network drives will be encrypted. The Makop ransomware encrypts the contents of all disks file by file. Each file that has been encrypted is marked, the ransomware appends the ‘.[ID-USERID].[EMAIL].makop’ extension to its name. That is, as soon as a document with the name ‘document.doc’ is encrypted, it will immediately be renamed to ‘document.doc.[ID-USERID].[EMAIL].makop’. If you remove this extension, the file will remain locked. The associated program will not be able to read its contents.
The Makop ransomware creates a file with the name “readme-warning.txt” on the infected computer. This file contains a message from the ransomware authors. The full text of this file is:
Dear customer We apologize for having to encrypt your
files.
It’s not your fault, because your security system is
built at a good level, but during the attack we used
unique exploits designed for vulnerabilities in
microsoft software and antiviruses, which completely
does not depend on how well your security system is
built.Encryption algorithm:
Master key: RSA-2048, the public key is stored in the
body of ransomwsre,
private is not available (the master key is individual
for each
companyes, only used to create decrypt software)
Session key: RSA-512, private key not available
(Session
individual key for each attacked PC, private
The session key is encrypted with a Master key and is
stored in the body of each
encrypted file, as well as the public Session key)
File key: AES-256 / CBC: individual for each file,
encrypted with a Session key and sewn into the body of
each encrypted file.We strongly recommend that you do not use third-party
software to decrypt your files, as this can lead to
the final loss of files due to corrupted headers. But
if you still want to try to decrypt your files
yourself, then make sure that you back up all
encrypted files.
You can familiarize yourself with our product on the
following reputable site:
hxxps://www.bleepingcomputer.com/forums/t/712395/oled-makop-ransonware-makop-support-topic/In no case do we extort money from you, we only offer
you our services for decrypting your files + you can
get a bonus in the form of a free audit of your
security system in order to protect yourself from such
attacks and malicious software in the future.You can contact us by email: established01@protonmail.com
In the subject line, indicate your personal ID number,
which is indicated in the name of your files.
If you do not receive a response after 6 hours, then
resend the message to our backup email:
fargodrops@cock.li
Criminals use the “readme-warning.txt” file to demand ransom from the Makop ransomware victims. The ransom demand message said that the victim’s files are encrypted. The ransomware authors demand a ransom in exchange for a key and a decryptor. Attackers offer to decrypt some little files for free, but these files should not contain any valuable information. Of course, decryption of some small files cannot guarantee that, after paying the ransom, the victim will be able to recover files affected with the ransomware.
Threat Summary
Name | Makop |
Type | Crypto malware, Crypto virus, Filecoder, File locker, Ransomware |
Encrypted files extension | .makop |
Ransom note | readme-warning.txt |
Contact | makop@airmail.cc, established01@protonmail.com, fargodrops@cock.li |
Ransom amount | $500-$1500 in Bitcoins |
Detection Names | Malware/Win32.Generic.C3977162, Trojan.Ransom.Filecoder, Ransom:Win32/Phobos.bb558b83, Ransom.Makop.S11834468, W32/Ransom.MM.gen!Eldorado, Trojan.Cryptor.pc, Ransom.FileLocker, Trojan.Win32.Encoder.gztnsj, Win32.Trojan.Filecoder.Pbfg, Trojan.Filecoder!uhuVcjFxVpQ |
Symptoms | Encrypted personal files. All of your documents, photos and music have a new file extension appended to the filenames. Your file directories contain a ‘ransom note’ file that is usually a .html, .jpg or .txt file. You have received instructions for paying the ransom. |
Distribution methods | Malicious email attachments. Drive-by downloads (crypto virus can infect the computer simply by visiting a webpage that is running harmful code). Social media posts (they can be used to entice users to download malicious software with a built-in ransomware downloader or click a suspicious link). |
Removal | Makop ransomware removal guide |
Recovery | Makop File Recovery |
The fact that to date, antivirus companies have not created a method to decrypt files encrypted by the Makop ransomware. Nevertheless, you do not need to despair. There are several ways to find and remove Makop ransomware, and there is also a chance to restore part or even all encrypted files to their original state. Below we will describe in detail how to do this.
How to remove Makop ransomware, Restore .Makop files
If you encounter the malicious actions of Makop ransomware, and your files have been encrypted with ‘.Makop’ extension, then you need to remove the virus or be 100% sure that there is no ransomware on your computer, and then proceed to restore the files. Both the ransomware removal process and the file recovery process will take a lot of time, so do not believe the magical instructions that say that this can be done very quickly. We definitely recommend, even if for some reason one of the methods proposed below did not suit you, try another one and try all of them. Perhaps one of them will help you. Feel free to ask questions in the special section on our website or in the comments below. In addition, we want to say that all the tools that we recommend using in our instructions are free and verified by security experts. And the last, before proceeding with the instructions, we advise you to read it thoroughly carefully, and then print or open it on a tablet or smartphone to have it always at hand.
- How to remove Makop ransomare
- How to decrypt .makop files
- How to restore .makop files
- How to protect your PC from Makop ransomare
How to remove Makop ransomare
There are not many good and free malware removal tools with high detection ratio. The effectiveness of malware removal utilities depends on various factors, mostly on how often their virus/malware signatures DB are updated in order to effectively detect modern worms, trojans, ransomware and other malware. We suggest to run several programs, not just one. These programs that listed below will help you remove the Makop ransomware virus from your disk and Windows registry.
Remove Makop ransomare with Zemana Anti Malware
Zemana AntiMalware is a malware removal tool that performs a scan of the system and displays if there are existing ransomware, spyware, trojans, adware software, worms and other malicious software residing on your PC. If malware is detected, Zemana Anti-Malware can automatically remove it. Zemana Free does not conflict with other antimalware and antivirus applications installed on your personal computer.
- First, visit the page linked below, then click the ‘Download’ button in order to download the latest version of Zemana Anti-Malware (ZAM).
Zemana AntiMalware
164104 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
- When the download is done, close all software and windows on your computer. Open a file location. Double-click on the icon that’s named Zemana.AntiMalware.Setup.
- Further, press Next button and follow the prompts.
- Once install is complete, click the “Scan” button to perform a system scan for the Makop ransomware virus, other kinds of potential threats like malicious software and trojans. A system scan may take anywhere from 5 to 30 minutes, depending on your machine. When a malicious software, adware software or PUPs are detected, the count of the security threats will change accordingly.
- Once Zemana has finished scanning your system, Zemana Free will display a screen that contains a list of malware that has been detected. All detected items will be marked. You can remove them all by simply click “Next”. After the cleaning procedure is done, you can be prompted to reboot your computer.
Remove Makop virus with MalwareBytes AntiMalware (MBAM)
You can remove Makop virus automatically with a help of MalwareBytes Anti-Malware. We recommend this free malware removal tool because it can easily delete ransomware, adware software, malware and other undesired software with all their components such as files, folders and registry entries.
First, visit the following page, then press the ‘Download’ button in order to download the latest version of MalwareBytes Anti Malware.
326458 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
After the download is done, close all programs and windows on your personal computer. Double-click the install file called mb3-setup. If the “User Account Control” dialog box pops up like the one below, click the “Yes” button.
It will open the “Setup wizard” which will help you install MalwareBytes Free on your system. Follow the prompts and don’t make any changes to default settings.
Once installation is done successfully, click Finish button. MalwareBytes Free will automatically start and you can see its main screen as shown in the following example.
Now press the “Scan Now” button for scanning your computer for the Makop ransomware virus related folders,files and registry keys. A system scan may take anywhere from 5 to 30 minutes, depending on your computer. While the utility is checking, you can see how many objects and files has already scanned.
When MalwareBytes AntiMalware (MBAM) is complete scanning your PC, MalwareBytes Anti-Malware (MBAM) will open a scan report. Once you have selected what you want to remove from your PC system press “Quarantine Selected” button. The MalwareBytes Anti Malware will remove Makop crypto virus related folders,files and registry keys. After the clean up is finished, you may be prompted to reboot the personal computer.
We recommend you look at the following video, which completely explains the procedure of using the MalwareBytes Anti Malware to delete adware, hijacker and other malware.
If the problem with Makop is still remained
Kaspersky virus removal tool (KVRT) is free and easy to use. It can scan and remove rasnomware, spyware, potentially unwanted apps, worms, trojans, adware and other malicious software. KVRT is powerful enough to find and remove malicious registry entries and files that are hidden on the machine.
Download Kaspersky virus removal tool (KVRT) from the following link.
129082 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After the downloading process is finished, double-click on the KVRT icon. Once initialization procedure is done, you’ll see the Kaspersky virus removal tool screen as shown in the following example.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button to start checking your computer for the Makop crypto virus and other malware. A scan may take anywhere from 10 to 30 minutes, depending on the number of files on your computer and the speed of your PC. While the tool is checking, you can see number of objects and files has already scanned.
Once Kaspersky virus removal tool completes the scan, you will be displayed the list of all detected items on your computer as shown in the following example.
Once you’ve selected what you wish to remove from your PC click on Continue to begin a cleaning procedure.
How to decrypt .makop files
Files with the extension ‘.makop’ are encrypted files. In other words, the contents of these files are locked. Their contents cannot be read even if you rename files or change their extension. Unfortunately, today there is no way to decrypt files encrypted by Makop ransomware virus, because to decrypt them you need a unique key, and this key is in the hands of criminals.
Never pay the ransom! Nevertheless, everyone has to remember that paying the developers of the Makop ransomware virus who are threatening you is a terrible idea. You can pay this money, but there is no guarantee that your files will be yours again. That is the reason why you should consider other options (that do not involve paying the makers of the Makop ransomware) in order to decrypt locked personal files. There still are some ways to defuse crypto malware without paying ransom, so you would not need to pay hackers and you would not let them reach their goal.
Fortunately, there are several alternative methods that do not require the use of a key and therefore allow you restore the contents of encrypted files. Try to recover the encrypted files using free tools listed below.
How to restore .makop files
If all your files are encrypted with .makop file extension, then you only have one thing left, use alternative methods to restore the contents of the encrypted files. There are several alternative methods that may allow you to restore the contents of encrypted files. These methods of file recovery do not use decryption, so there is no need for a key and decryptor. Before you begin, you must be 100% sure that the computer does not have active ransomware. Therefore, if you have not yet checked your computer for ransomware, do it right now, use free malware removal tools or return to step 1 above.
Use shadow copies to restore .makop files
A free tool named ShadowExplorer is a simple solution to use the ‘Previous Versions’ feature of MS Windows 10 (8, 7 , Vista). You can recover your documents, photos, and music encrypted by the Makop ransomware from Shadow Copies for free. Unfortunately, this method does not always work due to the fact that the ransomware almost always deletes all Shadow copies.
First, visit the page linked below, then click the ‘Download’ button in order to download the latest version of ShadowExplorer.
438805 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
After downloading is done, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as shown on the image below.
Run the ShadowExplorer utility and then choose the disk (1) and the date (2) that you wish to recover the shadow copy of file(s) encrypted by the Makop ransomware virus as on the image below.
Now navigate to the file or folder that you want to restore. When ready right-click on it and click ‘Export’ button similar to the one below.
Run PhotoRec to restore .makop files
There is another way to recover the contents of the encrypted files. This method is based on using data recovery tools. We recommend using a tool called PhotoRec. It has all the necessary functions and is completely free.
Download PhotoRec from the link below.
Once downloading is complete, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed in the figure below.
Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It will open a screen as shown below.
Choose a drive to recover as shown below.
You will see a list of available partitions. Choose a partition that holds encrypted photos, documents and music similar to the one below.
Click File Formats button and choose file types to restore. You can to enable or disable the restore of certain file types. When this is done, click OK button.
Next, click Browse button to choose where restored photos, documents and music should be written, then press Search.
Count of restored files is updated in real time. All restored personal files are written in a folder that you have selected on the previous step. You can to access the files even if the recovery process is not finished.
When the restore is complete, click on Quit button. Next, open the directory where recovered photos, documents and music are stored. You will see a contents as shown below.
All restored personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, then you can to sort your restored files by extension and/or date/time.
How to protect your PC from Makop ransomware
Most antivirus software already have built-in protection system against the crypto malware. Therefore, if your computer does not have an antivirus program, make sure you install it. As an extra protection, use the HitmanPro.Alert. HitmanPro.Alert is a small security utility. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
First, click the following link, then press the ‘Download’ button in order to download the latest version of HitmanPro.Alert.
When the download is finished, open the file location. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. When the utility is started, you’ll be displayed a window where you can select a level of protection, as on the image below.
Now click the Install button to activate the protection.
To sum up
This guide was created to help all victims of the Makop ransomware virus. We tried to give answers to the following questions: how to remove ransomware; how to decrypt .Makop files; how to recover the encrypted files. We hope that the information presented in this manual has helped you.
If you have questions, then write to us, leaving a comment below. If you need more help with Makop virus related issues, go to here.