www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209  Public Scan

Submitted URL: https://www.bleepingcomputer.com/forums/t/712395/oled-makop-ransonware-makop-support-topic/
Effective URL: https://www.bleepingcomputer.com/forums/t/712395/makop-oled-ransonware-makop-carlos-origami-tomas-zbw-support-topic/
Submission Tags: falconsandbox
Submission: On February 10 via api from US — Scanned from DE

Text Content


MAKOP-OLED RANSOMWARE (.MAKOP, .CARLOS, .ORIGAMI, .TOMAS, .ZBW) SUPPORT TOPIC

Started by samuelvalvassori, Jan 28 2020 05:18 PM

Page 1 of 7

103 replies to this topic


#1 SAMUELVALVASSORI

samuelvalvassori
   
   
 * Members
 * 4 posts

Posted 28 January 2020 - 05:18 PM

Hello guys, I have a problem in my network.
My server has been hacked and the data encrypted by this .makop ransomware. I am
posting the rescue txt files and some encrypted files. If someone can help me,
thank you, because these data are government data where I take care of the IT
part.

Example file extension: AD DENTARIA 2.pdf.[EFC17099].[makop@airmail.cc].makop

Thank you for your attention and thank you to whoever can help.

ATTACHED FILES

 *  readme-warning.txt   1.66KB   36 downloads



--------------------------------------------------------------------------------


#2 QUIETMAN7

quietman7

   Bleepin' Gumshoe

   
   
 * Global Moderator
 * 59,079 posts
 * Gender: Male
 * Location: Virginia, USA

Posted 28 January 2020 - 06:56 PM

Did you submit (upload) samples of encrypted files, ransom notes and any contact
email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware
(IDR) OR Emsisoft Identify your ransomware for assistance with identification
and confirmation of the infection? Uploading both encrypted files and ransom
notes together along with any contact email addresses or hyperlinks provided by
the criminals gives a more positive match with identification and helps to avoid
false detections.

Please provide a link to the ID Ransomware results. If ID Ransomware cannot
identify the infection, you can post the case SHA1 it gives you in your next
reply for Demonslay335 (Michael Gillespie) to manually inspect the files and
check for possible file markers.


.
.
Windows Insider MVP 2017-2020
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click


--------------------------------------------------------------------------------


#3 SAMUELVALVASSORI

samuelvalvassori
 * Topic Starter
   
   
 * Members
 * 4 posts

Posted 28 January 2020 - 07:34 PM

Unable to determine ransomware.

Please make sure you are uploading a ransom note and encrypted sample file from
the same infection.

This can happen if this is a new ransomware, or one that cannot be currently
identified automatically.

You may post a new topic in the Ransomware Tech Support and Help forums on
BleepingComputer for further assistance and analysis.

Please reference this case SHA1: 3903adef75b28ac836cd4c580551376582df53da

I need help, can you help me? Please.



--------------------------------------------------------------------------------


#4 QUIETMAN7

quietman7

   Bleepin' Gumshoe

   
   
 * Global Moderator
 * 59,079 posts
 * Gender: Male
 * Location: Virginia, USA

Posted 28 January 2020 - 08:26 PM




Please upload the original ransom note and several samples of encrypted files
(different formats - doc, png, jpg) to the following third-party file hosting
service and provide a link or send a PM with a link to Amigo-A (Andrew Ivanov)
so he can manually inspect them.

 * DropMeFiles

It is best to compress large files before sharing. When the file has been
uploaded, you will see a screen stating that the upload was successful.
Right-click on the filename link, select Copy Shortcut and paste the link in
your next reply.

Please be patient until Amigo-A has a chance to review the information you
provided and Demonslay335 has a chance to review the case SHA1. They are both
volunteers who assist members as time permits. Demonslay335 is inundated with
numerous support requests and it may take some time to get a reply.



--------------------------------------------------------------------------------


#5 AMIGO-A

Amigo-A

   Ransomware Expert

   
   
 * Members
 * 2,433 posts
 * Gender: Male
 * Location: Bering Strait

Posted 29 January 2020 - 02:18 AM

This is Oled-Makop Ransomware
https://twitter.com/siri_urz/status/1221797493849018368
 
/// I have not yet published a description for this year's variants. I need to
correct and compare the variants of previous years.


Edited by quietman7, 10 December 2020 - 07:21 AM.

My site: The Digest "Crypto-Ransomware"  + Google Translate 

 


--------------------------------------------------------------------------------


#6 AMIGO-A

Amigo-A

   Ransomware Expert

   
   
 * Members
 * 2,433 posts
 * Gender: Male
 * Location: Bering Strait

Posted 29 January 2020 - 02:21 AM

Please correct the error in the topic name - the correct extension is .makop



--------------------------------------------------------------------------------


#7 SAMUELVALVASSORI

samuelvalvassori
 * Topic Starter
   
   
 * Members
 * 4 posts

Posted 29 January 2020 - 06:58 AM

What is the key for the decrypter for .makop ransomware?


--------------------------------------------------------------------------------


#8 SAMUELVALVASSORI

samuelvalvassori
 * Topic Starter
   
   
 * Members
 * 4 posts

Posted 29 January 2020 - 08:00 AM

quietman7, on 29 Jan 2020 - 01:26 AM, said:

> Please upload the original ransom note and several samples of encrypted files
> (different formats - doc, png, jpg) to the following third-party file hosting
> service and provide a link or send a PM with a link to Amigo-A (Andrew Ivanov)
> so he can manually inspect them.
> 
>  * DropMeFiles
> 
> It is best to compress large files before sharing. When the file has been
> uploaded, you will see a screen stating that the upload was successful.
> Right-click on the filename link, select Copy Shortcut and paste the link in
> your next reply.
> 
> Please be patient until Amigo-A has a chance to review the information you
> provided and Demonslay335 has a chance to review the case SHA1. They are both
> volunteers who assist members as time permits. Demonslay335 is inundated with
> numerous support requests and it may take some time to get a reply.

https://drive.google.com/drive/folders/1s---2mbYrQO2If78c0-LBwBvNaWq85z8?usp=sharing

This is the link to download encrypted files in many formats and the txt ransom note.

Thank you for helping me...


Amigo-A, on 29 Jan 2020 - 07:18 AM, said:

> This is Oled-Makop Ransomware
> 
> https://twitter.com/siri_urz/status/1221797493849018368
> 
>  
> 
> /// I have not yet published a description for this year's variants. I need to
> correct and compare the variants of previous years.

 

https://drive.google.com/drive/folders/1s---2mbYrQO2If78c0-LBwBvNaWq85z8?usp=sharing

This is the link to download encrypted files in many formats and the txt ransom note.

Thank you for helping me...



--------------------------------------------------------------------------------


#9 AMIGO-A

Amigo-A

   Ransomware Expert

   
   
 * Members
 * 2,433 posts
 * Gender: Male
 * Location: Bering Strait

Posted 29 January 2020 - 10:10 AM

I already saw your files.
This is a new version of the ransomware. No one has studied it yet, so we
can't talk about a decryptor.
A free decryptor could not appear before the encryptor encrypted the files.
Only the extortionists have an original decryptor.


Edited by Amigo-A, 29 January 2020 - 10:10 AM.


--------------------------------------------------------------------------------


#10 QUIETMAN7

quietman7

   Bleepin' Gumshoe

   
   
 * Global Moderator
 * 59,079 posts
 * Gender: Male
 * Location: Virginia, USA

Posted 29 January 2020 - 10:38 AM

Amigo-A, on 29 Jan 2020 - 07:21 AM, said:

> Please correct the error in the topic name - the correct extension is .makop

Done.



--------------------------------------------------------------------------------


#11 CLOCKHART3216

clockhart3216
   
   
 * Members
 * 2 posts

Posted 24 February 2020 - 08:17 AM

Good morning. I am having the same issue. I am attaching a zip file that has a
few examples and the ransom note. Has anyone gotten anywhere with this?

ATTACHED FILES

 *  Makop.zip   144.27KB   17 downloads



--------------------------------------------------------------------------------


#12 QUIETMAN7

quietman7

   Bleepin' Gumshoe

   
   
 * Global Moderator
 * 59,079 posts
 * Gender: Male
 * Location: Virginia, USA

Posted 24 February 2020 - 09:13 AM

Unfortunately, there is no known method that I am aware of to decrypt files
encrypted by Makop-Oled Ransomware without paying the ransom and obtaining the
private keys from the criminals who created the ransomware unless they are
leaked or seized & released by authorities. Without the master private RSA key
that can be used to decrypt your files, decryption is impossible. That usually
means the key is unique (specific) for each victim and generated in a secure way
that cannot be brute-forced.

If feasible, your best option is to restore from backups, try file recovery
software or backup/save your encrypted data as is and wait for a possible
solution at a later time. Ransomware victims should ignore all Google searches
which provide numerous links to bogus and untrustworthy removal/decryption
guides. After our experts tweet or write about a new variant, junk articles with
misinformation are quickly written in order to goad victims into purchasing sham
removal and decryption software. Only use trusted sources when searching for
information.



--------------------------------------------------------------------------------


#13 DEMONSLAY335

Demonslay335

   Ransomware Hunter

   
   
 * Security Colleague
 * 4,748 posts
 * Gender: Male
 * Location: USA

Posted 26 February 2020 - 02:25 PM

I finished a full analysis of this ransomware - it is secure.

 

https://twitter.com/demonslay335/status/1232330195144728577


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

 RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may
support me here.


--------------------------------------------------------------------------------


#14 HOTMAN99

Hotman99
   
   
 * Members
 * 30 posts
 * Gender: Male
 * Location: Turkey

Posted 07 March 2020 - 05:00 AM

case number: 5ad446683e2eae73b7b65ba0cb97ce6d14494bf0

 

https://dropmefiles.com/KyDh4



--------------------------------------------------------------------------------


#15 TAMMAM

tammam
   
   
 * Members
 * 1 posts
 * Gender: Male
 * Location: SYRIA

Posted 09 March 2020 - 03:48 PM

Hi,

Is there any hope of recovering the infected files?


Edited by tammam, 09 March 2020 - 03:48 PM.
