
Makop-Oled Ransomware (.makop, .origami, .tomas, .zbw, .mkp) Support Topic


150 replies to this topic

#16 quietman7

Bleepin' Gumshoe • Global Moderator • 61,920 posts • Location: Virginia, USA

Posted 09 March 2020 - 04:09 PM

Is there a hope to recover the infected files?

Not at this time. Demonslay335 already stated it is secure and I advised that usually means the key is unique (specific) for each victim and generated in a secure way that cannot be brute-forced.
 


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief


 


#17 bilu1984


Posted 19 March 2020 - 08:50 AM

Hi, I have the same problem with Makop, victim started 18/03/20



#18 Guest_mufyto_*


Posted 21 March 2020 - 05:41 AM

I was infected yesterday. bp.lst.[XXXXXXXX].[modeturbo@aol.com].makop

Any solution to decrypt? I think that I'm bleeped...

Is it possible to restore the files to a previous state without a backup? With programs like Recuva, or something like this?

Has anyone tried to pay, with success in decrypting?


Edited by mufyto, 21 March 2020 - 05:47 AM.


#19 quietman7


Posted 21 March 2020 - 07:20 AM

As already noted, it is secure and not decryptable.

 

In regards to paying the ransom and dealing with or negotiating with the malware developers, read my comments about victim experiences in this topic.

 




#20 Guest_mufyto_*


Posted 21 March 2020 - 08:41 AM

Thanks for your answer. And is it possible to restore the files with Recuva or Stellar Data Recovery?


 



#21 Demonslay335

Ransomware Hunter • Security Colleague • 4,770 posts • Location: USA

Posted 21 March 2020 - 09:20 AM

Doesn't hurt to try the free versions. Slim chance, but some people get lucky with a few files in rare cases.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#22 Guest_mufyto_*


Posted 21 March 2020 - 11:13 AM

Thanks, I'm trying with Recuva, but I haven't got hope to restore the data... Well, I got a backup from 2 years ago...

Is there any possibility in the future to decrypt the files?

 




#23 quietman7


Posted 21 March 2020 - 02:10 PM

We have no way of knowing when or if a free (or legitimate paid for) decryption solution will ever be available and no one can ever guarantee if any ransomware can be decrypted without paying the ransom to the criminals or by paying them. The possibility of decryption depends on a variety of factors as explained here. For now all you can do is backup/save your encrypted data as is and wait for a possible solution...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution.

When or if a free (or legitimate paid for) decryption solution is found, that information will be provided in this support topic and victims will receive notification if subscribed to it. In addition, a news article most likely will be posted on the Bleeping Computer front page. Amigo-A (Andrew Ivanov) will also update the applicable Digest Crypto-Ransomware Alphabetical Index.




#24 Guest_mufyto_*


Posted 21 March 2020 - 02:21 PM

Thank you for the answer. I contacted the criminal, and they ask for 6000 $. Won't pay, for sure. I've got an old backup.



Edited by mufyto, 21 March 2020 - 02:24 PM.


#25 quietman7


Posted 21 March 2020 - 02:27 PM

As with most ransomware your best defense is back up, back up, and more back up on a regular basis and the best solution for dealing with encrypted data after an infection is to restore from backups.




#26 Guest_mufyto_*


Posted 21 March 2020 - 02:44 PM

Yes, but here I made the big mistake that the other backups were plugged into the server... Kill me... But I've got other, older physical disks.




#27 bdft


Posted 21 March 2020 - 06:52 PM

Hi

My server was hacked this night, I found a text file with this forum... All my services are down and all my employees were infected by covid... please help me!

Sample file : produit.asp.[30D6B07F-W].makop

How to decrypt these files?

Ben



#28 quietman7


Posted 21 March 2020 - 07:06 PM

As already noted, it is secure and not decryptable.



#29 bdft


Posted 21 March 2020 - 07:13 PM

OK... is it possible to use data recovery software? Backups are too old...



#30 quietman7


Posted 21 March 2020 - 07:27 PM

In some cases the use of file recovery software such as R-Studio, Recuva or Photorec may be helpful to recover some of your original files but there is no guarantee that it will work. However, it never hurts to try in case the malware did not do what it was supposed to do. It is not uncommon for ransomware infections to sometimes fail to delete shadow copy snapshots or add an extension but fail to encrypt all data especially if the encryption process was interrupted by the victim (i.e. shutting down the computer), encountered encryption glitches, involved shoddy malware programming code or was hindered by installed security software. Although it never hurts to try this approach, in the end you still may have no choice but to backup/save your encrypted data as is and wait for a possible solution at a later time. Data recovery does not decrypt encrypted data.

Note: Some ransomware such as STOP Djvu, Ryuk and a few others only encrypts part of the file for speed (first so many KB's especially if it is very large) so it does not actually read/write/encrypt the entirety of data. This partial encryption often results in file corruption and renders the encrypted data useless since the encryption is usually irreversible for these files...the encryption code overwrites part of the file with the encrypted data of another part and there is no way to restore the overwritten data as explained here. Since only parts of the file may actually be encrypted, data recovery programs sometimes work to recover partial files with certain ransomware infections but not with those which overwrite data. With some other types of ransomware, it is even possible to manually recover/reconstruct certain file formats (i.e. .JPG and video files) since the malware only encrypts 150KB of the file as explained here by Demonslay335.

Important Note: The more you use your computer after files are deleted, encrypted or corrupted the more difficult it will be for data recovery programs to recover any deleted, unencrypted and uncorrupted data. The less that is done with the hard drive between the time of the data loss and the attempted recovery, the more likely it is that some or all of the files can be successfully recovered. The more the hard drive with the lost data is used, the less chances of recovery because there is a greater risk that new data can be written to the drive, overwriting and destroying deleted files that could have otherwise been recovered. When you delete a file, its content physically remains intact on the media, but the occupied space becomes marked as free. The next file saved to the disk may overwrite the contents of the deleted file. Therefore, the sooner that data recovery is attempted after a loss the greater the possibility that data can be successfully recovered. It is also very important to make sure that no application (including the recovery program) writes to the drive or partition where the deleted file is located since every new file may overwrite the deleted file.

 

The chances of success also will be greater if the drive is not defragmented and that you install and use a data recovery program on a drive other than the drive you want to recover files from (i.e. second hard drive, separate partition or USB flash drive) otherwise it could overwrite recoverable files. You could also "slave" the original hard drive and install the software on the new drive.


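Added example, not part of any post in this topic: a read-only triage script for the cases described in post #30, where ransomware adds its extension but fails to encrypt the data, or encrypts only part of a file. It samples each renamed file in blocks and reports whether the content still looks like the original; the block size, the entropy threshold, the short signature table and the sample file names are assumptions made for the illustration.

```python
import math, os, tempfile
from collections import Counter

EXTS = (".makop",)      # extension named in this topic; add others as needed
CHUNK = 64 * 1024       # assumed sampling block size
HIGH = 7.5              # assumed threshold in bits per byte (8.0 looks random)
MAGIC = (b"%PDF-", b"\xff\xd8\xff", b"PK\x03\x04", b"\x89PNG")  # small sample table

def entropy(data: bytes) -> float:
    """Shannon entropy of a block in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(path: str) -> str:
    """Classify one renamed file. Opens it read-only and never modifies it."""
    with open(path, "rb") as fh:
        blocks = iter(lambda: fh.read(CHUNK), b"")
        head = next(blocks, b"")
        flags = [entropy(head) >= HIGH]
        # Skip a tiny trailing block: too few bytes for a meaningful estimate.
        flags += [entropy(b) >= HIGH for b in blocks if len(b) >= 4096]
    if head.startswith(MAGIC):
        return "header-intact"   # original file signature is still readable
    if not any(flags):
        return "not-encrypted"   # extension was added, content is untouched
    if all(flags):
        return "high-entropy"    # encrypted throughout (or compressed data)
    return "partial"             # only some blocks look encrypted

def scan(root: str) -> dict:
    """Walk root and triage every file that carries one of EXTS."""
    return {name: triage(os.path.join(d, name))
            for d, _, names in os.walk(root)
            for name in names if name.lower().endswith(EXTS)}

def demo() -> dict:
    """Triage four constructed sample files written to a temporary folder."""
    text = b"2020-03-18 invoice line, plain text\n" * 8000
    samples = {"renamed.txt": text,                              # never encrypted
               "partial.txt": os.urandom(CHUNK) + text[CHUNK:],  # first block only
               "full.txt": os.urandom(len(text)),                # all blocks
               "scan.pdf": b"%PDF-1.4\n" + text}                 # header survived
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name + ".[XXXXXXXX].makop"), "wb") as fh:
                fh.write(data)
        return scan(tmp)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:14} {name}")
```

On a real case, run `scan()` from a different drive than the affected one and keep any report off that drive as well, for the overwrite reasons given in the post. A "high-entropy" verdict cannot tell encrypted data from compressed data, so it only narrows down which files are worth testing on a copy.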




