Makop-Oled Ransonware (.makop, .origami, .tomas, .zbw. mkp) Support Topic

Any files that are encrypted with Oled Ransomware will have an email followed by the .oled extension appended to the end of file and typically will leave files (ransom notes) named DECRYPTION.txt as explained here by Amigo-A (Andrew Ivanov).

.[black.mirror@qq.com].oled

Any files that are encrypted with Makop Ransomware will have an [ID random 8 character].<email> followed by the .makop, .CARLOS, .origami, .tomas, .zbw, .zes, .Hidden, .fireee, .captcha, .fair, .moloch, .vassago, .WKSGJ, .pecunia, .ID2020, .dark, .XDQD, .harmagedon, .code, .mkp, .phmqdw, .session, .ZFX, .stolen, .rajah, .read, .SOG, .chocolate, .rocklee, .reload, .datah extension appended to the end of file and typically will leave files (ransom notes) named README_WARNING_.txt, RESTORE_FILES_INFO.txt, +README-WARNING+.txt as explained here by Amigo-A (Andrew Ivanov). These are a few examples.

.[EFC17099].[makop@airmail.cc].makop
.[16A95E8C].[Carlosrestore2020@aol.com].CARLOS
.[9539E0E8].[KILLYOUASS@protonmail.com].zbw
.[4B2E4630].[Johncastle@msgsafe.io].zes
.[4B2E4630].[Garantos@mailfence.com].captcha
.[1f5bb265].[Moloch_helpdesk@tutanota.com].moloch
.[EC3B84551.[emcryptsupport@msgsafe.io].mkp
.[E574F644].[Dekrypt24@tutanota.com].mkp
.[2AF20FA3].[reload2024@outlook.com].reload

 
 
 
Hello guys, i have problem in the my network .
my server has been hacked and the data encrypted by this .makop ransonware is posting the rescue txt files and some encrypted files. if someone can help me, thank you, because these data are government data where I take care of the IT part.

arquive extension exemploe AD DENTARIA 2.pdf.[EFC17099].[makop@airmail.cc].makop

thank you for your attention and thank you who can help.

Did you submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR) OR Emsisoft Identify your ransomware for assistance with identification and confirmation of the infection? Uploading both encrypted files and ransom notes together along with any contact email addresses or hyperlinks provided by the criminals gives a more positive match with identification and helps to avoid false detections.

Please provide a link to the ID Ransomware results. If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 (Michael Gillespie) to manually inspect the files and check for possible file markers.

Unable to determine ransomware.

Please make sure you are uploading a ransom note and encrypted sample file from the same infection.

This can happen if this is a new ransomware, or one that cannot be currently identified automatically.

You may post a new topic in the Ransomware Tech Support and Help forums on BleepingComputer for further assistance and analysis.

Please reference this case SHA1: 3903adef75b28ac836cd4c580551376582df53da

I needd help, can help me ??? please

Please upload the original ransom note and several samples of encrypted files (different formats - doc, png, jpg) to the following third-party file hosting service and provide a link or send a PM with a link to Amigo-A (Andrew Ivanov) so he can manually inspect them.

• DropMeFiles

It is best to compress large files before sharing. When the file has been uploaded, you will see a screen stating that the upload was successful. Right-click on the filename link, select Copy Shortcut and paste the link in your next reply.

Please be patient until Amigo-A has a chance to review the information you provided and Demonslay335 has a chance to review the case SHA1. They are both volunteers who assist members as time permits. Demonslay335 is inundated with numerous support requests and it may take some time to get a reply.

This is Oled-Makop Ransomware
https://twitter.com/siri_urz/status/1221797493849018368
 
/// I have not yet published a description for this year's variants. I need to correct and compare the variants of previous years.

Edited by quietman7, 10 December 2020 - 07:21 AM.

Please correct the error in the topic name - the correct extension is .makop

WHAT Key for Decrypter Ransonware .makop

Please upload the original ransom note and several samples of encrypted files (different formats - doc, png, jpg) to the following third-party file hosting service and provide a link or send a PM with a link to Amigo-A (Andrew Ivanov) so he can manually inspect them.

• DropMeFiles

It is best to compress large files before sharing. When the file has been uploaded, you will see a screen stating that the upload was successful. Right-click on the filename link, select Copy Shortcut and paste the link in your next reply.

Please be patient until Amigo-A has a chance to review the information you provided and Demonslay335 has a chance to review the case SHA1. They are both volunteers who assist members as time permits. Demonslay335 is inundated with numerous support requests and it may take some time to get a reply.

https://drive.google.com/drive/folders/1s---2mbYrQO2If78c0-LBwBvNaWq85z8?usp=sharing

This is link for download encrypted files many formats and txt ranson note.

Thank you for help me...

This is Oled-Makop Ransomware

https://twitter.com/siri_urz/status/1221797493849018368

 

/// I have not yet published a description for this year's variants. I need to correct and compare the variants of previous years.

 

https://drive.google.com/drive/folders/1s---2mbYrQO2If78c0-LBwBvNaWq85z8?usp=sharing

This is link for download encrypted files many formats and txt ranson note.

Thank you for help me...

Edited by Amigo-A, 29 January 2020 - 10:10 AM.

Please correct the error in the topic name - the correct extension is .makop

Done.

Good morning. I am having the same issue. I am attaching a zip file that has a few examples and the ransom note. Has anyone gotten anywhere with this?

Unfortunately, there is no known method that I am aware of to decrypt files encrypted by Makop-Oled Ransonware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the master private RSA key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way that cannot be brute-forced.

If feasible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time. Ransomware victims should ignore all Google searches which provide numerous links to bogus and untrustworthy removal/decryption guides. After our experts tweet or write about a new variant, junk articles with misinformation are quickly written in order to goad victims into purchasing sham removal and decryption software. Only use trusted sources when searching for information.

I finished a full analysis of this ransomware - it is secure.

 

https://twitter.com/demonslay335/status/1232330195144728577

case number: 5ad446683e2eae73b7b65ba0cb97ce6d14494bf0

 

https://dropmefiles.com/KyDh4

Hi , 

 

Is there a hope to recover the infected files ?

Edited by tammam, 09 March 2020 - 03:48 PM.