Intel Name: Makop ransomware
Date of Scan: December 24, 2024
Impact: High
Summary: Makop ransomware, an offshoot of the PHOBOS variant, actively targets organizations, including critical sectors, by encrypting files and demanding ransom payments in bitcoin. It gains access through several attack vectors, such as unsecured RDP services, phishing emails, malicious attachments, and torrent websites. Once inside, it uses tools such as PowerShell, Mimikatz, and PsExec for lateral movement and network scanning. It employs AES-256 encryption and appends “.makop” or “.mkp” to encrypted files. Makop operates under an affiliate model and is known for disabling volume shadow copies to prevent file recovery.
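As an added defender-side example (not part of this report), the Python below runs simple detection logic over constructed process-creation and file-rename log lines and flags the behaviours the summary describes: shadow-copy deletion, PsExec/Mimikatz execution, and files renamed with the .makop/.mkp extension. The log format and the specific shadow-copy commands matched (vssadmin, wmic) are assumptions, not details taken from the report.

```python
import re

# Constructed sample events (not from the report). One event per line:
# "<ts> kind=<process|file> host=<h> ... cmd=<command line>" or "... path=<file path>"
SAMPLE_LOGS = [
    "2024-12-24T01:02:03Z kind=process host=ws01 image=cmd.exe cmd=vssadmin.exe delete shadows /all /quiet",
    "2024-12-24T01:02:05Z kind=process host=ws01 image=wmic.exe cmd=wmic shadowcopy delete",
    "2024-12-24T01:03:10Z kind=process host=ws02 image=PsExec.exe cmd=psexec \\\\srv01 -s cmd.exe",
    "2024-12-24T01:04:00Z kind=file host=ws01 op=rename path=C:\\Users\\a\\Documents\\q4.xlsx.makop",
    "2024-12-24T01:04:01Z kind=file host=ws01 op=rename path=C:\\Users\\a\\Pictures\\img.png.mkp",
    "2024-12-24T01:05:00Z kind=process host=ws03 image=notepad.exe cmd=notepad.exe notes.txt",
    "2024-12-24T01:05:30Z kind=file host=ws03 op=rename path=C:\\Users\\b\\report.docx",
]

# (rule name, event kind it applies to, regex checked against image+cmd or path).
# The shadow-copy commands are assumed common tooling; the report only says
# Makop disables volume shadow copies.
RULES = [
    ("shadow_copy_deletion", "process",
     re.compile(r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)),
    ("remote_exec_tool", "process", re.compile(r"\b(psexec|mimikatz)(\.exe)?\b", re.I)),
    ("makop_extension", "file", re.compile(r"\.(makop|mkp)$", re.I)),
]

def parse(line):
    """Split a log line into a dict; cmd=/path= is last and may contain spaces."""
    ts, rest = line.split(" ", 1)
    fields, head = {"ts": ts}, rest
    m = re.match(r"(.*?)\s(cmd|path)=(.*)$", rest)
    if m:
        head, fields[m.group(2)] = m.group(1), m.group(3)
    for kv in head.split():
        k, _, v = kv.partition("=")
        fields[k] = v
    return fields

def scan(lines):
    """Return one finding per (rule, event) hit."""
    findings = []
    for line in lines:
        ev = parse(line)
        kind = ev.get("kind")
        subject = (ev.get("image", "") + " " + ev.get("cmd", "")) if kind == "process" else ev.get("path", "")
        for name, rule_kind, rx in RULES:
            if kind == rule_kind and rx.search(subject):
                findings.append({"rule": name, "host": ev.get("host"), "ts": ev["ts"], "evidence": subject.strip()})
    return findings

def hosts_with_ransomware_pattern(findings):
    """Hosts showing both shadow-copy deletion and a Makop extension: the
    combination is a much stronger signal than either rule alone."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f["host"], set()).add(f["rule"])
    return sorted(h for h, rules in by_host.items() if {"shadow_copy_deletion", "makop_extension"} <= rules)
```

On the sample data this yields five findings and singles out ws01 as the host where both shadow-copy deletion and .makop/.mkp renames occurred.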