get demo
Free Trial
Back to all
Ransomware Research

Makop

Makop was first discovered in August 2011 in enterprise cloud environments. Makop is found in environments with a number of different names, including Oled-Makop, Carlos, Shootlock, Shootlock-2, Origami, Tomas, Zbw, Fireee, Zes, Hidden, Captcha, Fair, etc. For a full list of all names, please see below.

Name

Makop

 

First Seen

August 2011

Targeting

Behavior of Makop

Makop is known to target specific file types. Below are all known file types that Makop is known to infect.

In some cases, ransomware will update the modified date, when it encrypts files. Makop updates the last modified date of the file it targets.

Details

Characteristics of Makop

Suffixes

Some ransomware will change or append a suffix to the end of the file after they are encrypted, including changing the extension of a file. Here are some of the possible suffixes that Makop ransomware is known to change.

Suffixes

.makop, .CARLOS, .shootlock, .shootlock2, .origami, .tomas, .zbw, .fireee, .zes, .Hidden, .captcha, .fair, .moloch, .vassago, .pecunia, .id2020, .dark, .xdqd, .harmagedon, .code, .mkp, .razer, .snick, .baal, .gamigin, .mammon, .oled, .baseus, .usagoo

Ransomware Notes

Not all ransomware leaves a note. However, some ransomware leaves the infected party instructions on what the user should do to get rid of the ransomware, or satisfy the ransom. This often involves transferring money, often bitcoin or another cryptocurrency to a designated wallet.

Below are the type(s) of notes, content, and typical locations where Elastio has found ransom notes from Makop.

Type

File Name

Location

file

readme-warning.txt

EveryFolder

file

build note.txt

EveryFolder

file

+README-WARNING+.txt

EveryFolder

Executables

These are the names of the executables that contain the undetonated ransomware payload for Makop.

Executables

executable.exe, visual.exe, visual.bin, 1NS.exe, makop.exe, 지원서_20200303(열심히하겠습니다 잘부탁드립니다).exe, svchost.exe.tmp, makop_nowin.exe, MetadataSys.exe, MetadataSys, MetadataSys.dll, svchost.exe, screensaver.exe, 1964400829.exe, Desktop_Locker.exe, Desktop Locker.exe, 1074076748.exe, 396017923.exe, 105521611.exe, lov.exe, invoice.exe, explore.exe, DESKTOP LOCKER.EXE, cmd.exe, DesktopLocker.exe, winl.exe, Desktop Locker(@A7la6) .exe, Desktop_Locker.exe-, filename, Screen Locker B.exe, winlogon.exe, Desktop_Locker-spaces.ru.exe, Desktop-Locker.exe, Desktop_Locker-spaces.ru-spaces.ru.exe, desktop_locker.exe, 1.exe, freebieblog.ru_desktop_locker.exe, апа.exe, a.exe, 이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe, makop_visual.exe, vt.exe, maki.exe, zes.exe, 입사지원서_200812(경력사항도 같이 확인 부탁드리겠습니다 열심히하겠습니다).exe, 경력사항_200826(경력사항도 같이 확인부탁드리겠습니다 열심히하겠습니다).exe, 부당 전자상거래 위반행위 안내(20201006)자료 반드시 준비해주세요.exe, Betternet-6.4.0.exe, 부당 전자상거래 위반행위 안내(20201020)자료 반드시 준비해주세요.exe, 부당 전자상거래 위반행위 안내(20201023)자료 반드시 준비해주세요.exe, ║╬┤τ └ⁿ└┌╗≤░┼╖í └º╣▌╟α└º ╛╚│╗(20201022)└┌╖ß ╣▌╡σ╜├ ┴╪║±╟╪┴╓╝╝┐Σ.exe, captcha_visual.exe, .mc_auto.exe, 1111.bin.exe, 1111.exe, fgf.exe, 저작권법 관련하여 위반인 사항들 정리하여 보내드립니다.exe, GameDownload, GameDownload.exe, 是官.exe, X.exe, research document.doc, 이미지 원본(제가 제작한 이미지)과 사용하고 있으신 이미지 정리한 내용.exe, Fat32Formatter.exe, 입사지원서(경력사항도 같이 기재하였습니다 잘 부탁드립니다).exe, wlnlogon.exe, 이력서_210905(경력사항도 같이 기재하였습니다 같이 확인부탁드립니다).exe, 이력서_211223(경력사항도 같이 기재하였습니다 잘 부탁드립니다).exe, N1eh.exe, _____220228(_____ __ _______ _______).exe, 이력서(200305)열심히하겠습니다 잘부탁드립니다.exe, Polygon’s Microshaft, 포트폴리오.exe, .mc_hand.exe

External Pages

Ransomware often links to external pages such as payment pages, telegram contacts, etc. Below are some of the URLs Elastio has found to be associated with Makop.

External Pages

  • TOX:4A7F41CC6A5B87AF99450066F313C224D4E0E5501414670A8C5B802403E6292FC87FBE7C5C48
  • http://crdclub4wraumez4.onion
  • https://www.abra.com
  • https://privnote.com/RE8rMp1F#o62LIV8w5
  • mailto:makop@airmail.cc
  • mailto:makop@exploit.im
  • mailto:makop@thesecure.biz
  • mailto:carlosrestore2020@aol.com
  • mailto:somalie555@tutanota.com
  • mailto:luntik2316@protonmail.com
  • mailto:luntik2316@tutanota.com
  • mailto:troubleshooter@cock.li
  • mailto:helpdesk_makp@protonmail.ch
  • mailto:veracry@protonmail.com
  • mailto:data.compromised@protonmail.com
  • mailto:cock89558@cock.li
  • mailto:prndssdnrp@mail.fr
  • mailto:markmontgomery2020@hotmail.com
  • mailto:buydecryptor@aol.com
  • mailto:buydecryptor@cock.li
  • mailto:xaodecrypt@protonmail.com
  • mailto:xaodecrypt@airmail.cc
  • mailto:calwaykitty@aol.com
  • mailto:established01@protonmail.com
  • mailto:fargodrops@cock.li
  • mailto:n0pr0blems@protonmail.com
  • mailto:verilerimialmakistiyorum@inbox.ru
  • mailto:datewatchman@protonmail.com
  • mailto:maknop@cock.li
  • mailto:fooox1@protonmail.com
  • mailto:giantt1@protonmail.com
  • mailto:akzhq12@cock.li
  • mailto:killyouass@protonmail.com
  • mailto:killyouass@horsefucker.org
  • mailto:payfordecoder@hotmail.com
  • mailto:payforkey@protonmail.com
  • mailto:restoring.data@protonmail.com
  • mailto:compromised@airmail.cc
  • mailto:makop@tuta.io
  • mailto:makop@elude.in
  • mailto:savedata2@protonmail.com
  • mailto:savedata@cumallover.me
  • mailto:makop@cock.li
  • mailto:helpmakop@cock.li
  • mailto:ruthlessencry@qq.com
  • mailto:akzhq530@protonmail.com
  • mailto:origami7@firemail.cc
  • mailto:prosoft@tutanota.com
  • mailto:akzhq615@protonmail.com
  • mailto:pandoraman@tutanota.com
  • mailto:genfiles@protonmail.com
  • mailto:keymaster@cock.li
  • mailto:tomasrich2020@aol.com
  • mailto:tomasrich2020@protonmail.com
  • mailto:akzhq00705@protonmail.com
  • mailto:crypt@qbmail.biz
  • mailto:paco@airmail.cc
  • mailto:getdataback@qbmail.biz
  • mailto:decryption@zimbabwe.su
  • mailto:zimbabwe@msgsafe.io
  • mailto:helpforyou@firemail.cc
  • mailto:mrdoc8869@xmpp.jp
  • mailto:krymaster@mail.com
  • mailto:datalost@foxmail.com
  • mailto:encryptboys@tutanota.com
  • mailto:johncastle@msgsafe.io
  • mailto:johncastle1000@protonmail.com
  • mailto:myfiles@msgsafe.io
  • mailto:votrefile@tuta.io
  • mailto:paymantsystem@cock.li
  • mailto:akzhq808@cock.li
  • mailto:akzhq808@tutanota.com
  • mailto:ranbarron88@qq.com
  • mailto:crypt@zimbabwe.su
  • mailto:decryption.zimbabwe@protonmail.com
  • mailto:decryptdocs@msgsafe.io
  • mailto:decryptdocs@firemail.cc
  • mailto:genovo@protonmail.com
  • mailto:akzhq915@tutanota.com
  • mailto:akzhq915@protonmail.ch
  • mailto:akzhq915@airmail.cc
  • mailto:akzhq1010@tutanota.com
  • mailto:akzhq1010@cock.li
  • mailto:wannadecryption@gmail.com
  • mailto:garantos@mailfence.com
  • mailto:element444@keemail.me
  • mailto:fairexchange@qq.com
  • mailto:loyaldecrypt@privatemail.com
  • mailto:johnlennoncr@hotmail.com
  • mailto:moloch_helpdesk@tutanota.com
  • mailto:moloch_helpdesk@protonmail.ch
  • mailto:dino_rans@protonmail.ch
  • mailto:dino@rape.lol
  • mailto:dino_rans@xmpp.jp
  • mailto:poyasecurity@protonmail.com
  • mailto:poyasecur@gmail.com
  • mailto:manage.file@messagesafe.io
  • mailto:morrith_smith@tutanota.com
  • mailto:filerecov3ry@keemail.me
  • mailto:admcphel@protonmail.ch
  • mailto:akzhq412@aol.com
  • mailto:akzhq710@protonmail.com
  • mailto:akzhq725@tutanota.com
  • mailto:akzhq725@cock.li
  • mailto:akzhq830@tutanota.com
  • mailto:antiransomware@aol.com
  • mailto:antiransomware@outlook.sg
  • mailto:backup_499@protonmail.com
  • mailto:checkfilelock@protonmail.ch
  • mailto:cloudfiles@airmail.cc
  • mailto:cloudfiles@msgsafe.io
  • mailto:davidrecovery@protonmail.com
  • mailto:farik1@protonmail.com
  • mailto:greenreed007@qq.com
  • mailto:irisaneby@aol.com
  • mailto:joshua_antony@aol.com
  • mailto:makop.support@secmail.pro
  • mailto:makop@keemail.me
  • mailto:makopfiles@aol.com
  • mailto:mikeymaus77@protomail.com
  • mailto:modeturbo@aol.com
  • mailto:moncler@cock.li
  • mailto:mrdjohni@tutanota.com
  • mailto:myfilesdecrypt@cock.li
  • mailto:steaknshake@gmx.us
  • mailto:viginare@aol.com
  • mailto:ww6666@protonmail.com
  • mailto:agares_helpdesk@tutanota.com
  • mailto:agares@airmail.cc
  • mailto:yamer2@protonmail.com
  • mailto:vassago0213@airmail.cc
  • mailto:vassago_0213@tutanota.com
  • mailto:admindevon@cock.li
  • mailto:ryuk1@cock.li
  • mailto:pecunia0318@airmail.cc
  • mailto:pecunia0318@goat.si
  • mailto:pecunia0318@tutanota.com
  • mailto:metasload2021@protonmail.com
  • mailto:sploitmeta@mailfence.com
  • mailto:revilsupport@privatemail.com
  • mailto:decryptinfo@msgsafe.io
  • mailto:decrypt1nfo@airmail.cc
  • mailto:honestandhope@qq.com
  • mailto:xdatarecovery@msgsafe.io
  • mailto:xdatarecovery@mail.com
  • mailto:harmagedon0707@airmail.cc
  • mailto:pecunia0318@protonmail.ch
  • mailto:paybackformistake@qq.com
  • mailto:code666@msgden.com
  • mailto:elit.code@protonmail.com
  • mailto:hopeandhonest@smime.ninja
  • telegram:@tomasrich
  • mailto:datastore@cyberfear.com
  • mailto:back2up@swismail.com
  • mailto:razer1115@goat.si
  • mailto:snick0222@goat.si
  • mailto:helpdesk220222@tutanota.com
  • mailto:baal0625@goat.si
  • mailto:akzhq@cock.li
  • mailto:akzhq@protonmail.com
  • mailto:icq-is-firefox20@ctemplar.com
  • mailto:telegramfirefox2029@protonmail.com
  • mailto:alexpetrov11094@gmail.com
  • mailto:alexanderpetrov20200@gmail.com
  • mailto:davidcastle@msgsafe.io
  • mailto:davidcastle@cock.li
  • mailto:marbas0630@tutanota.com
  • mailto:vassago_0203@tutanota.com
  • mailto:vassago0203@cock.li
  • mailto:gamigin0612@tutanota.com
  • mailto:mammon0503@protonmail.com
  • mailto:mammon0503@tutanota.com
  • mailto:samsung00700@tutanota.com
  • TOX:4A6ABD1AA183A13EFC8DA8544DCFF703BC212C71B3BF56875932708E33BB03715210341813CE
  • mailto:akzhq520@protonmail.com
  • mailto:akzhq520@aol.com
  • mailto:oled@airmail.cc
  • mailto:baseus0906@goat.si
  • mailto:vassago0225@airmail.cc
  • mailto:vassago0225@cock.li
  • mailto:vassago0225@tutanota.com

elastio-icon
Elastio Can Help You

Don’t let ransomware
take over your data.

Learn More
Get Started
elastio-logo
120 Causeway Street Boston, MA 02114

11921 Freedom Drive
Two Fountain Square, Suite 550 Reston, VA 20190

elastio-footer-certification-logos

Support

Company

Contact

Copyright © 2020 – 2024 Elastio