MAKOP Ransomware Recovery

Do you think you have been infected by MAKOP ransomware? Stay calm. This page contains information on identifying MAKOP ransomware and how to remove it. Our emergency response team is also available to help, 24/7. Call us now for a FREE consultation to assess the damage and learn more about your options.

BeforeCrypt is a cybersecurity firm with highly qualified technicians remotely assisting organizations of all sizes, worldwide. Our specialty is removing ransomware and recovering data as fast and efficiently as possible through a streamlined ransomware remediation process.

How do I know if MAKOP Ransomware has infected my system?

If your files are locked, and your file names have strange extensions added to them, it could mean your system is infected with MAKOP ransomware. The surest sign of an infection is a ransom note demanding payment in Bitcoin that mentions the name “MAKOP.”


MAKOP Ransomware first appeared in 2020 as an offshoot of the PHOBOS variant, and has infected a number of computers since then. Files encrypted by MAKOP often have the extension “.makop”. You may also notice that your desktop wallpaper has changed. MAKOP uses RSA encryption. There are no known free decryption tools capable of decrypting files encrypted by MAKOP.

How to identify MAKOP Ransomware

  • MAKOP Ransomware places a text file named *EXTENSION-readme.txt* on your Desktop. Copies of this file might also be placed in each encrypted folder.
  • Your file extensions change to .makop, and you are directed to download the TOR browser and navigate to a dark web site to pay a ransom.
  • Your desktop background disappears or is changed to a threatening message demanding a ransom.
  • Your CPU is maxed out at 100% utilization, even when you’re not doing any computation-intensive tasks.
  • Your laptop or PC seems slow or sluggish. This could be a sign that your CPU power is being used to encrypt your files.
  • Your hard disk is writing at 100% of capacity, even though you are not using any applications that should be doing this.
  • Your antivirus software is deactivated or you are unable to use it.
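
An added example, not part of the original page or BeforeCrypt's tooling: a read-only triage script that looks under a directory for the file indicators this page lists (the .makop and .vassago extensions and the readme-warning.txt note) and estimates the encryption window from file modification times. The function names, the report keys, treating any file ending in -readme.txt as a note, and running it against a mounted copy or image of the affected disk are assumptions.

```python
import os
import tempfile

# Indicators from this page. Matching any "*-readme.txt" name is an assumption
# about how the note described above is named on disk.
ENCRYPTED_EXTS = (".makop", ".vassago")
NOTE_NAME, NOTE_SUFFIX = "readme-warning.txt", "-readme.txt"
# Constructed sample tree: (relative path, modification time in epoch seconds).
SAMPLE = [("docs/a.xlsx.makop", 1000), ("b.jpg.vassago", 2000),
          ("docs/clean.txt", 3000), ("readme-warning.txt", 2500)]


def triage(root):
    """Walk root without modifying it and summarise MAKOP indicators."""
    rep = {"by_ext": {}, "dirs": set(), "notes": [], "naming_makop": [], "unreadable": []}
    mtimes = []
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            try:
                if lower == NOTE_NAME or lower.endswith(NOTE_SUFFIX):
                    rep["notes"].append(path)
                    with open(path, errors="replace") as fh:
                        if "makop" in fh.read(65536).lower():  # note names MAKOP
                            rep["naming_makop"].append(path)
                elif (ext := os.path.splitext(lower)[1]) in ENCRYPTED_EXTS:
                    rep["by_ext"][ext] = rep["by_ext"].get(ext, 0) + 1
                    rep["dirs"].add(dirpath)
                    mtimes.append(os.stat(path).st_mtime)  # brackets encryption time
            except OSError:
                rep["unreadable"].append(path)  # indicator above is still counted
    rep["encrypted"] = sum(rep["by_ext"].values())
    rep["mtime_window"] = (min(mtimes), max(mtimes)) if mtimes else None
    return rep


def build_sample(root):
    for rel, mtime in SAMPLE:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("Your files now have the makop extension")  # constructed text
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

The mtime_window pair is only an estimate of when encryption ran, and the list of affected directories helps scope which backups need restoring.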

What steps do I take if my data is encrypted by MAKOP?

  • As soon as you suspect a ransomware infection, disconnect your computer from the network and shut it down normally. A more detailed description of what to do is available in our free guide to Ransomware Response.
  • It is better NOT to talk directly to the attackers. Many ransomware gangs are skilled at intimidation and manipulation, so it’s better to let professionals deal with them.
  • Report the hack to the cybercrime unit of the local police agency. The contact details for different cybercrime divisions can be found in our directory.
  • Double check to make sure your machine is shut down. MAKOP can continue encrypting data in the background as long as your computer is on.
  • Contact the experts and get HELP now!

BeforeCrypt is a Cyber Security firm licensed and registered in Germany. We specialize in helping victims of ransomware recover as quickly and safely as possible. We have helped hundreds of clients recover their data. We know how stressful ransomware attacks can be, and we can begin the recovery process immediately.

MAKOP uses military grade encryption to pressure you into paying to recover your data. Beware of anyone offering a quick fix to this; we have observed a number of fake decryptors that seek to take advantage of desperate ransomware victims.

BeforeCrypt is Europe’s leading ransomware recovery firm. We can help you get back up and running – fast and secure.

It's important to stay calm. Contact us any time for a FREE consultation!


Not much is known about the gangs that operate MAKOP, since this is a relatively new variant. The hackers using MAKOP seem to target a wide variety of organizations.

The average MAKOP ransom amount is somewhere around $15,000. Ransoms are demanded in the form of Bitcoin. Quick-buy methods of purchasing Bitcoin using credit card or PayPal often carry an additional fee of up to 10%.

MAKOP causes longer than average downtime. This is partly due to the need to communicate with attackers manually.

For most ransomware victims, downtime ends up being the most expensive part of a ransomware attack. It can also cause significant damage to a company’s reputation if the attack is publicized.

The best possible outcome in a ransomware attack situation is to get your system back online as quickly and securely as possible. The best way to do this is to call in experts who have experience dealing with MAKOP ransomware, and have them handle the removal and restoration process.

In our experience, a successful ransom payment usually results in getting a working Avaddon decryptor. Decryptor tools do take work to maintain, however, so not all attackers have working tools.

The ransomware gangs we have documented have consistently delivered working MAKOP decryptors after the successful completion of ransom payments. This is not the case for all hackers, however, because decryptor tools usually require maintenance with updates.

Knowing the reputation of the specific gang you are dealing with can help to avoid situations where a ransom is paid, but the decryptor does not work, or no decryptor is provided.

The most common attack vector for MAKOP ransomware is phishing.

Name: MAKOP, MAKOP Ransomware
Danger Level: High
Release date: June, 2020
Affected Systems: Windows
File Extensions: .makop, .vassago
Ransom Demand: readme-warning.txt
Contact / E-Mail Address: Dark web portal
Known Scammers: none


MAKOP Ransomware Note #1: .txt Notice

This is an average MAKOP ransomware note.

::: Greetings :::

Little FAQ:
Q: Whats Happen?
A: Your files have been encrypted and now have the “makop” extension. The file structure was not damaged, we did everything possible so that this could not happen.

Q: How to recover files?
A: If you wish to decrypt your files you will need to pay in bitcoins.

Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.

Q: How to contact with you?
A: You can write us to our mailbox: [email protected]

Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.

Q: If I don’t want to pay bad people like you?
A: If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice – time is much more valuable than money.

DON’T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions – please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.



“original filename*.original extension*.abrAxbiSea”


We have had good success in the past decrypting files affected by MAKOP ransomware. Unfortunately, the only way to obtain a working decryption tool at present is to get it from the hackers.

We can help ensure that this process is as fast and safe as possible. Some ransomware gangs will not provide a working decryption tool upon payment, and others will demand a second or third ransom. We keep records on the various active gangs so that we know what to expect.

After we receive a working decryptor, we begin the process of restoring your files immediately. In our experience, letting us handle the recovery process significantly reduces downtime in all cases.

The only way to know precisely how much ransomware response will cost is to contact us for a free consultation.

Ransomware response cost varies according to the type of attack, how much data is affected, the number of computers infected, and your local environment (computer performance, servers, operating systems). The response includes removal of the ransomware, negotiations with attackers and transferring payment if necessary, restoring data, patching the vulnerability that led to the attack, and preparing all documentation for legal compliance and insurance claims. The course of action our clients choose also affects the overall cost. 

The minimum cost for small companies generally starts around several thousand euros, including the cost of the ransom. However, if at all possible, we strongly recommend avoiding paying the attackers. Paying the attackers encourages them to harm more people. However, if it is not economically feasible, we handle fully legally compliant payments to attackers. The overall expense depends a lot on the ransom amount demanded, and how successful negotiations are. We maintain a database on ransomware gangs to negotiate more effectively. In some cases, negotiations can result in a significant reduction in the ransom payment.

We have a greater than 98% success rate.

In the case of most of our clients who have cyber insurance, their coverage pays the cost of our services, as well as the ransom, if necessary. 



  1. Professional ransomware response can significantly decrease downtime. We deal with hundreds of cases every year. Through our years of experience, we have developed a streamlined process that brings our clients back online as fast as possible. In the event that a ransom has to be paid, purchasing the necessary cryptocurrency can take days. The process of resolving a ransomware attack without prior experience can take many hours of research. Most of our cases are completely resolved 24-72 hours after we begin the recovery process.

  2. Avoid dealing with criminals and ensure legal compliance. Most companies don’t feel comfortable dealing with cyber-criminals. It can add another layer of stress in an emergency. We maintain files on different groups of hackers in order to maximize the security and effectiveness of negotiations. We also ensure that all communications and transfers comply with applicable laws and regulations to protect our clients against potential legal problems.

  3. Cryptocurrency transfers. It is always better to avoid giving in to the attacker’s demands. If backups and normal recovery methods fail, however, there may be no other choice. Most ransomware attackers demand payment in Bitcoin. We guide you through the whole process of creating a cryptocurrency wallet and buying the cryptocurrency. We work with various cooperation partners to prepare your wallet and complete the transaction as quickly and easily as possible for you.

  4. Ensure data integrity and security. As specialists in the field of ransomware incident response, we are always refining industry best practices for data recovery. We have robust, standardized procedures for backing up encrypted data, restoring data, and removing viruses to ensure that there is no data loss or damage.

  5. Easy Insurance Reporting: All of our clients receive a detailed incident report with all information required by cyber-insurance and for law enforcement purposes. Thankfully, cyber-insurance often covers the cost of cyber-extortion as well as professional ransomware response services. Completing all paperwork correctly from the beginning can speed up the process of filing a claim and recovering lost funds.

In emergencies, we can start with the ransomware data recovery immediately. Since our support team operates 24/7, we can reduce your downtime to a minimum by working non-stop to recover your data.

Need help NOW with MAKOP ransomware recovery? Contact us for immediate help from leading ransomware experts
