Makop ransomware has been expanding through its affiliate program, RaaS (Ransomware as a Service), a tactic that aims to seek partners to carry out attacks by only charging a commission on top of the ransom value. This tactic is intended to expand the attacks by bringing renown to the group.
The main target of this group has been companies in South Korea, not that they ignore companies in Europe and America, but they focus is on Korea. The group’s main targets are companies in manufacturing, education, media, technology, construction, pharmaceutical, legal, engineering, and defense.
The group uses spam email campaigns, these emails contain employment forms and materials related to copyright infringement, the ransomware is hidden in these files, which once installed disables all programs that could stop it and starts the encryption process.
At the end of the process a desktop file with a name “readme-warning.txt” is left, this document contains the group’s demands and what ways the victim can contact them.
To demonstrate that the group has the decryption key, they decrypt two files for free, but with some conditions such as not containing valuable information to the company and also no larger than 1 MB.
Recover Files Encrypted by Makop Ransomware
Ransomware decryption is a relatively new field, only companies that can develop technologies can do such recovery. A few years ago such recovery was impossible, however today, companies with Digital Recovery can recover the data.
However, this recovery is extremely delicate, as any error can compromise the files even further, so it is important to have an expert do the entire process.
At Digital Recovery, the specialists are at your disposal, they have all the necessary tools and training to be successful in the recovery.
All our processes are is supported by a high level of data protection and we also provide a non-disclosure agreement (NDA).
Contact our experts and see all we can do for you.