
Makop-Oled Ransomware (.makop, .origami, .tomas, .zbw, .mkp) Support Topic


161 replies to this topic

#151 quietman7

  • Global Moderator

Posted 04 April 2024 - 01:48 PM

Hi everyone, I have been hit by the .mkp ransomware.
 
Searching online I found your forum and I want to ask you all a thing:
Is hxxps://stopdjvudecryptor.ru/ good?
Has anyone tried to decrypt with it?
They ask 500$ in bitcoin, and as far as I know it is not the best method to make a payment for a service ---> scam vibes...
 
The thing is: they decrypted my test file with success and I don't know if it is right to proceed.

 

The link you provided is for a Data Recovery Service.

 

The legitimate Emsisoft STOP Djvu Decryptor is only intended for victims of STOP (Djvu) Ransomware and should only be downloaded from a trusted source. Makop-Oled is a different infection so that decryptor will not work. 
 
Ransomware victims should always ensure they have properly identified the ransomware AND are using the correct decryptor tool before attempting to decrypt their files. Using a faulty (malfunctioning, defective) or incorrect decryptor (one intended for another specific type of ransomware) may cause additional damage and corrupt the encrypted files, thus decreasing your chances for recovering data.
 

Ransomware victims should ignore all Internet web searches which provide numerous links to bogus and untrustworthy ransomware removal guides, including Facebook and YouTube videos, many of which falsely claim to have decryption solutions. After expert researchers write about new ransomware variants, junk articles with misinformation are quickly written in order to scare, goad or trick desperate victims into using or purchasing mostly sham removal and decryption software. Victims may be directed to download a multitude of unnecessary and useless tools. In some cases, unsuspecting victims may actually be downloading a malicious file or fake decryptor resulting in double (multiple) encryptions that make the situation even worse. Further, your personal and financial information are also at risk when dealing with scammers. Only use trusted sources when searching for information.

 
Bleeping Computer cannot vouch for those who claim they can decrypt data or help in other ways. We have no way of knowing the background, expertise and motives of all companies or individuals who indicate decryption is possible. We have no way of vetting whether a person has a true technical method of recovering files, is scamming users by just paying ransoms for the key, or are the ransomware operators themselves. We advise everyone to be cautious with whomever you are dealing with, what services they are able to provide and what claims they make before sending money or paying a fee to anyone. 
 
Data recovery services typically act as a "middleman", pay the criminals...pretend they cracked the decryption and charge the victim more than the ransom demands, in many cases not telling them that is how they acquired the means of decryption. Others hide the actual ransom cost from clients and mark the cost up exponentially as noted here. Many of them instruct victims to submit one or two limited size files for free decryption as proof they can decrypt the files with claims of 100% guaranteed success, collect the victim's money and are never heard from again. The criminals behind creating and spreading ransomware do the same. Some data recovery services are just scammers who take advantage of desperate victims and never intend to decrypt data after receiving payment.

 

Please read my comments in this topic (Post #2) for more information as to what we know about those who claim they can decrypt data including using and paying data recovery services.


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

 


#152 patroclo86


Posted 14 August 2024 - 07:43 AM

Following up on Godino's post: I tried it and, like an "idiot", I paid €500. They sent me an executable that was supposed to decrypt everything once I entered the ID, but it doesn't; I get messages saying the ID does not work. They reply that I have to pay another €250 because it is no longer on the server and has to be put back. So for me ://stopdjvudecryptor.ru/ is a str.....ata; they just take your money and that's it. If you want, I'll send you the executable they sent me... :( :( :angry: :angry:


#153 quietman7


Posted 14 August 2024 - 03:19 PM

The link Godino provided is for a Data Recovery Service.
 
As I said in my previous reply (Post #151)...Bleeping Computer cannot vouch for those who claim they can decrypt data or help in other ways. We have no way of knowing the background, expertise and motives of all companies or individuals who indicate decryption is possible.
 
Some data recovery services are just scammers who take advantage of desperate victims and never intend to decrypt data after receiving payment.
 
 
 

 




#154 CompWorksPro


Posted 02 October 2024 - 12:32 PM

Customer of mine just got hit with the MKP ransomware virus.  

All of his files and backup files have been encrypted.

I'm guessing there is no recovery for this.

 

Here is the text from the README files
 

::: Greetings :::
 
Little FAQ:
 
.1. 
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.
 
.2. 
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.
 
.3. 
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
 
.4.
Q: How to contact with you?
A: You can write us to our mailboxes: datastore@cyberfear.com or back2up@swismail.com
 
.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
 
.6.
Q: If I don’t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.
 
 
 
:::BEWARE:::
DON'T try to change encrypted files by yourself! 
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.


#155 quietman7


Posted 02 October 2024 - 01:09 PM

Customer of mine just got hit with the MKP ransomware virus.  
All of his files and backup files have been encrypted.
I'm guessing there is no recovery for this..

You are correct. The criminal's master private key is needed for decryption. Without the criminal's master private key, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way (RSA, AES, Salsa20, ChaCha20, EDA2, ECDH, ECC) that cannot be brute-forced as noted here by Demonslay335.




#156 CompWorksPro


Posted 02 October 2024 - 03:06 PM

That's what I figured.

Has anyone been successful in paying the ransom to recover the data?

 

Ken



#157 quietman7


Posted 02 October 2024 - 03:26 PM

Not that I can remember. This topic is 11 pages long so you can double-check by reading it from the beginning.

 

If you are thinking about paying the ransom (which is not advisable), negotiating with the ransomware developers or using a data recovery service, you may want to read my comments about victim experiences in this topic first: Should you pay the ransom? (Post #17).




#158 test0r


Posted 16 October 2024 - 04:13 AM

That's what I figured.

Has anyone been successful in paying the ransom to recover the data?

 

Ken

My friend sent the money and got no key, so don't pay, they are scammers!



#159 wugowugo


Posted 22 October 2024 - 07:39 AM

Hi,
I'm new here, my data was encrypted by .mkp ransomware some time ago.
 
I keep trying to search the internet to see if anyone has a solution.
 
I've already understood that this variant cannot be decrypted without the hacker's help.
 
I found this company online that claims to be able to decrypt .mkp files. Does anyone know this company? It seems reputable and has an address and telephone number in Germany.
 
hxxps://digitalrecovery.com/de/decrypt-makop-ransomware/
 
Does anyone have an opinion on this? I don't want to fall for more scams to demand money from me and then not get any help again.
 
Many thanks to everyone who answers me and good luck to everyone who has had the same experience as me.



#160 quietman7


Posted 22 October 2024 - 05:01 PM

....I found this company online that claims to be able to decrypt .mkp files. Does anyone know this company? It seems reputable and has an address and telephone number in Germany.
 
hxxps://digitalrecovery.com/de/decrypt-makop-ransomware/
 
Does anyone have an opinion on this? I don't want to fall for more scams to demand money from me and then not get any help again....

Bleeping Computer cannot vouch for those who claim they can decrypt data or help in other ways. We have no way of knowing the background, expertise and motives of all companies or individuals who indicate decryption is possible.
 

The link you found is for a Data Recovery Service.

 

Data recovery services typically act as a "middleman", pay the criminals...pretend they cracked the decryption and charge the victim more than the ransom demands, in many cases not telling them that is how they acquired the means of decryption. Others hide the actual ransom cost from clients and mark the cost up exponentially as noted here. Many of them instruct victims to submit one or two limited size files for free decryption as proof they can decrypt the files with claims of 100% guaranteed success, collect the victim's money and are never heard from again. The criminals behind creating and spreading ransomware do the same. Some data recovery services are just scammers who take advantage of desperate victims and never intend to decrypt data after receiving payment. Just because they can successfully decrypt a few files does not mean they can decrypt all files...in many cases decryption in bulk does not work.
 
Connecticut-based Coveware CEO Bill Siegel refers to such data recovery services as "ransomware payment mills". Please read my comments in this topic (Post #2) for more information as to what we know about those who claim they can decrypt data including using and paying data recovery services.

 




#161 eriksanders


Posted 25 October 2024 - 02:02 PM

Hello guys,
I'm new here and just want to share my story.
I got infected with the insomrans@outlook.com version so I contacted the hacker, paid and he sent me the decoder.
Then I found out that I needed the key to restore the files, but the guy, instead of sending it, started to ask for more money, and after I sent 200$ more he just disappeared forever.
I then contacted another makop operator that told me that this guy is a scam and they will not work with him anymore!
End of the story: after a few weeks the other operator helped me and restored my files! So if you paid them, do not lose hope.



#162 quietman7


Posted 25 October 2024 - 04:22 PM

You were fortunate. Not everyone who pays the ransom demand is successful with decryption of their data or even getting a decrypter from the criminals and not everyone is successful negotiating a payment with them.

