Makop (Phobos) ransomware virus removal instructions
Makop ransomware encrypts files and creates a ransom note – “info.txt”. The ransomware blocks access to files stored on the infected computer and instruct to restore them. The Makop virus has been identified as a strain of the Phobos ransomware family, all these cyber threats are designed to help hackers make money by harassing victims to pay high ransoms to get their files back.
Makop, the virus encrypts primary computer data such as video, images, audio, documents archives, and backup files, etc, using a powerful RSA[1] and AES[2] algorithms. This encryption is very complex, changes file extensions to -.[back23@vpn.tg].makop, therefore, changes made to target files are difficult to revert.
How does Makop Ransomware by Phobos infect the computer?
Cybercriminals most use Trojans, Malspam software updaters, unofficial software activation tools, and untrusted file download sources, to distribute their malware (Makop virus in this case).
- A Trojan horse is a type of malware that can be designed to cause chain infections. Once a particular Trojan horse is installed in the operating system, it can spread its payload (other malware).
- Malspam is a spam email with a malicious attachment or inserted link. The main purpose of this method is to trick a recipient into opening a malicious file that installs ransomware. For example, can be attached a malicious Microsoft Office document, RAR, ZIP, PDF document, JavaScript file, or another file.
- Fake software updates cause damage by exploiting bugs, blocking some outdated software installed on computers, or installing malware instead of updating or repairing installed software. Unofficial activation of the software will unlawfully activate the licensed software. They are often used by cybercriminals to trick users into infecting their computers. These tools are often loaded with malware, malicious code injected into them. They are often used for the distribution of malicious files. When downloaded and opened, these files install ransomware. To trick users into downloading these files, cybercriminals disguise them as legal. Examples of untrustworthy file and program download sources are:
- unofficial websites,
- free file hosting,
- free software download pages,
- third-party downloaders,
- peer-to-peer networks (eg, torrent clients, eMule).
What is the Makop ransomware?
In the unfortunate event that the files that store your valuable information are locked and renamed with the “.[back23@vpn.tg].makop” extension, you should know that your PC is infected with a strain of Phobos ransomware (Dirk, Health, XIII, pHv1, Calvo, Xhamster, Lookfornewitguy, Elbie, Acuna.). This threat, called the Makop virus, tries to convince its victims to pay a large ransom to the ransomware operators. Ransom notes generated by ransomware typically include an email address that can be used to contact attackers, the price of a decryption tool (software, key), payment term, cryptocurrency wallet address, and other details.
Threat Summary
The majority of these attackers offer to decrypt the one attacked file for free, in order to lure the victim into contacting them. It is also mentioned that the price for decryption depends on how quickly the victims write an email to the specified addresses (or contact the specified Telegram user). Moreover, one of the ransom notes warns victims not to rename files or decrypt files with third-party software as this can irreversibly damage the files. In most cases, victims cannot decrypt files without a unique key or decryption software that only the cybercriminals behind ransomware possess. There is no third-party tool that can also decrypt files encrypted by the Makop virus.
ion of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.RANSOM NOTE – INFO.TXT
| Name | Makop virus |
| Ransomware family | Phobos Ransomware |
| Extension | .[back23@vpn.tg].makop |
| Damage level | High |
| Ransom note | info.hta window pop-up and info.txt |
| Ransom amount | From $500 to 1500 (In Bitcoin) |
| Contact | back23@vpn.tg, hopeandhonest@smime.ninja, hopeandhonestt@gmail.com |
| Symptoms | Files cannot be opened and the extension changed from savings.doc to savings.doc.[back23@vpn.tg].makop |
| Virus removal (auto) | Free remove with Malwarebytes |
| File recovery (auto) | Free scan with EaseUS Data Recovery Wizard Pro |
| System fix (auto) | *Bonus free system scan with Restoro |
The majority of these attackers offer to decrypt the one attacked file for free, in order to lure the victim into contacting them. It is also mentioned that the price for decryption depends on how quickly the victims write an email to the specified addresses (or contact the specified Telegram user). Moreover, one of the ransom notes warns victims not to rename files or decrypt files with third-party software as this can irreversibly damage the files. In most cases, victims cannot decrypt files without a unique key or decryption software that only the cybercriminals behind ransomware possess. There is no third-party tool that can also decrypt files encrypted by the Makop virus.
All your files have been encrypted!
!!!BEFORE YOU CONTACT THE RECOVERY COMPANY, WRITE TO US PERSONALLY!!!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail back23@vpn.tg
Write this ID in the title of your message –
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Ransom note – info.txt
The only way to retrieve documents or files without incurring any charges is to perform a backup restore. Paying a ransom is not recommended as there is no guarantee that the attackers will provide a decryption tool. It is normal for victims to get nothing in return, even if they pay a ransom. Another important thing is to remove ransomware from the infected computer as soon as possible. Otherwise, you can infect more computers (other computers on the same network) or encrypt new files on the already infected computer.
Remove Makop Ransomware
Makop ransomware prevents victims from accessing their files until they have paid a ransom that is strongly recommended NOT to do by authorities. We provided instructions on how to get rid of it in a legal way.
1Step Backup Encrypted Files
Recommended doing a backup of virus-locked computer data. Files copy should be transferred to external storage like portable HDD, USB, or SD card. This is important to ensure that manually removing won’t damage your files. If you are not sure about your computer science level recommend using premium auto removal programs.
2Step Makop Ransomware Removal
A) Boot Windows OS in safe mode with the command prompt.
- cd restore and press Enter;
- rstrui.exe and press Enter.
B) Enter commands to restore the system:
- Click “Next”;
- Choose on data before data rare locked and click “Next”;
- Final step – click “Finish”.
IMPORTANT in any circumstances highly recommended to download a free trial of Malwarebytes to make sure that MedusaLocker ransomware was removed successfully. Virus name detection database[3] target="_blank" rel="noopener">Virus name detection database – VirusTotal of threat.
Makop Virus Deleted Files Recovery
Stricly not recommended contact the attacker who offers to provide the decryption tool, that hackers specifically created for the Makop virus. Money and data loss can only be avoided if there is a free decryption tool available for download from the Internet or if the ransomware has certain vulnerabilities.
NOTE Makop virus must be successfully removed before doing data recovery. It is no guarantee that files will be recovered with any program, our team provides one of the most powerful data recovery tools on the market, it will scan all your lost data for free.
[jackra[back23@vpn.tg].makop ransomware – free recovery guide.
Total Time: 3 minutes
Step 1
Download and install by data recovery tool EaseUs Data recovery wizard pro. (free download)
1. Click on the download bar.
2. Click “Open”.
Step 2
1. Click “Yes”.
2. Click “Install Now”.
Step 3
Click “Start Now”.
Step 4
Select a hard drive with lost files.
Step 5
To check if it is possible to recover lost data, on the file, click right mouse key for a preview.
If the file recovery didn’t work for you, use the five-star rated Restoro app, for a free system scan to identify and repair Windows OS damage.
How to protect the computer from Makop ransomware infection?
Programs and files must be downloaded from official websites with direct links. Tools that can be used to distribute malicious files should not be downloaded (or installed) from third-party downloaders (or installers), peer-to-peer networks (eg, torrent clients, eMule), or other sources. Irrelevant emails received from unknown and suspicious addresses that contain attachments (or web links) should not be approved. Cybercriminals very often use email as a channel to spread malware. It is important to analyze received emails before opening any files or links containing them. In addition, the installed software must be updated with tools or functions provided by official developers.
The same goes for its activation. It is common for third-party tools to be malicious or used to distribute malware. In addition, it is not legal to bypass the activation of licensed software with unofficial activation tools (“cracking”) or to use illegal software. In addition, it is recommended that you regularly run virus scans and use reliable anti-virus or anti-spyware software. If your computer is already infected with Makop ransomware, we advise you do some deep virus check with Malwarebytes to get rid of this ransomware automatically. Therefore, it is recommended to regularly back up data and keep it on a remote server such as the cloud or disconnected storage devices.
FAQ
How to remove Makop ransomware?
You can do a system restore before infection or use a free trial version of Malwarebytes for automatic virus removal.
Removing Makop ransomware will make my files usable again?
No, files should be decrypted for further use.
Makop ransomware has damaged my files?
No, files are not damaged, they are encrypted.
How to decrypt files affected by the Makop virus?
The easiest way is to use a backup, if it is not made try to use a premium EaseUsdata recovery tool.
Virus developers must be reported to the local police or cybercrime departments.
- In the United States – On Guard Online website.
- In the United Kingdom – Action Fraud website.
- In Australia – SCAMwatch website.
- In Canada – Canadian Anti-Fraud Centre.
- In France – Agence nationale de la sécurité des systèmes d’information
- In Germany – Bundesamt für Sicherheit in der Informationstechnik website.
- In Ireland – An Garda Síochána website.
- In New Zealand – Consumer Affairs Scams website.
- In India – Indian National Cybercrime Reporting Portal.
- In Pakistan – National Response Centre For Cyber Crime.
References
| ^1 | RSA encryption algorithm – wikipedia |
|---|---|
| ^2 | AES encryption algorithms – wikipedia |
| ^3 | https://www.virustotal.com/gui/file/58fb76057468661da38efc981c64292987184226f82b7eddeff1844f6a725d95/detection" target="_blank" rel="noopener">Virus name detection database – VirusTotal |