Skip to main content

Home Makop ransomware

Makop ransomware

Aliases: None widely recognized.

Category: Malware

Type: Ransomware

Platform: Windows

Variants: There are several evolutions and variants of Makop ransomware, each with slight modifications in its ransom note and encryption method. Makop itself is a variant of PHOBOS ransomware.

Damage potential: Makop encrypts data on the affected device, making it inaccessible until a ransom is paid. It might also steal and leak the data.


Makop ransomware encrypts files on a victim's computer, making them inaccessible, and then demands a ransom payment for the decryption key. It was first observed in 2020. Makop encrypts all files on the device, adds its own .makop extension to them, and leaves a ransom note on a "readme-warning.txt" file in each compromised folder as well as on the computer's desktop. The ransom note explains the encryption and demands payment, threatening it will delete the data or leak it if the demands are not met. Makop is known for its ability to bypass traditional antivirus solutions through its evolving obfuscation techniques, making it particularly dangerous.

Possible symptoms

Makop ransomware encrypts files stored on Windows devices, so you won’t be able to open and use any of them. There will also be a ransom note left in multiple locations on your device.

During the encryption process, you might notice your device suddenly becoming very slow. Your network will show signs of unusual activity as well — that’s the malware communicating with its command and control servers.

Sources of infection

  • Exploit kits. Makop can be distributed through exploit kits that use vulnerabilities in your apps to install the ransomware through drive-by downloads. It required zero user interaction to install the malware.
  • Phishing emails. Attackers may distribute Makop through phishing emails containing malicious links or attachments.
  • Compromised websites. Victims can also unknowingly download Makop by visiting compromised or malicious websites and downloading software from them.
  • Remote desktop protocol (RDP) attacks. Brute-forcing their way in or exploiting weak RDP credentials can give the attackers the access needed to deploy ransomware directly onto a device.


Ransomware attacks can be devastating for businesses and individuals alike, causing severe disruption and financial loss. But you can easily protect your devices and data from Makop ransomware:

  • Regularly back up files. Your device being infected with Makop, like other ransomware types, means that you will likely lose all your files. Having them backed up will help you limit the damage.
  • Keep systems up to date. Attackers look for security vulnerabilities as a way to enter the system. Install updates as soon as they’re available to patch these vulnerabilities.
  • Use anti-malware software. Threat Protection Pro is an advanced NordVPN feature that blocks malicious sites, intrusive web trackers, and annoying ads. Plus, it checks files for malware during download, helping you avoid phishing attacks altogether.
  • Use strong authentication. Use strong passwords and enable multi-factor authentication where possible.
  • Perform security training. Educate yourself, your coworkers, and your employees about safe browsing practices and the risks of phishing attacks.
  • Never store sensitive data in plaintext. In case your company data is stolen, make sure that even if it is leaked, it will be unreadable to third parties. In case your company data is stolen, make sure that even if it is leaked, it will be unreadable to third parties.


If you have all of your files backed up, the easiest way to remove the ransomware is to perform a full system wipe and restore your data from backup. No known decryption tools are available for Makop, and paying the ransom is not a guarantee that you will get the decryption key, so it’s better to find other ways to regain control over your device.