Have you been attacked by Makop Ransomware?
We help you with ransomware removal and data recovery.

Call us first at (305) 680 7194 or chat with us.
One of our expert consultants will provide free incident response recommendations and explain our guaranteed recovery solution.

We recover information lost to Makop Ransomware variant.

“A medical company in California contacted us after suffering a MAKOP ransomware attack that affected their operations forcing them to do accounting and patient management on paper. Their last backup was more than 6 months old.  Due to the sensitive data of patients, they contacted us to help them recover their patient information and accounting system.   We ran our diagnostic process and 1 day after we presented our guaranteed recovery solution and cost estimate.  The client hired our services and after 4 days we had recovered all 3 servers and the client was able to restore systems and resume operations.

Testimonial: “I just sent your number to a collegue of ours who needs your recovery services.  I told him you did magic for me.  Thank you”

“We were contacted by a partner of ours, who was helping to manage the contingency of a PHOBOS ransomware attack suffered by a non-profit organization in Texas with more 2 servers affected as well as backups.  SQL databases were encrypted as well.  The attack had been detected earlier that Monday and had already affected operations and sensitive databases. Our expert cryptography engineer ran our diagnostic and forensic analysis process for this client. It was a Phobos-type ransomware with over encryption and more than 4 different encryption keys affecting the NAS server.  We managed to recover all affected servers and backup in 3 days.
Testimonial:  ” Thanks for your great help.  Our lawyers recommended us to contact someone and negotiate with hackers but we would never do that.  Thanks to you guys, we are operating normally again.”

“An health insurance service provider in Florida contacted us after suffering a ransomware attack related to a LOCKXXX ransomware variant. They had 3 servers affected and tried to recover one critical server with DMDE unsuccessfully (TIP: do not try to use conventional recovery tools to solve a ransomware encryption).  Our forensics team accessed remotely using anydesk software, did cleanup work, and 24 hours after we presented the client our guaranteed recovery proposal with cost estimate.  We found 3 different encryption vectors in different server and disk partitions.  It was possible to decrypt 100% of the information in 3 days. The data was recovered in the same structure, integrity as before the attack.
Testimonial:  “Hi Juan, after inspecting the servers you recovered, it looks like all of the databases and files are good!  Thank you so much.  We had paid the hackers and got a second extortion demand.  Thanks again for your support and help. “

Makop ransomware variant comes from the old “Crisis”, a medium-complexity crypto virus whose encryption patterns can be quite changeable. It has similar structures to the well-known “Dharma” ransomware and usually targets small and medium-sized businesses.


Origin of Makob Ransomware

Encryption type: AES 256 & RSA 2048
Ransomware type: RAAS
Countries of Origin: Russia, China
Threat type: Crypto virus, Cyber ​​Locker
Infection methods: Phishing and Torrents
Our Decryption Process


Disconnect all affected information from the network and completely avoid contact with cybercriminals.


Contact us to review your case and advise you on the specific case.


Our experts will perform a forensic analysis where we evaluate the complexity of the case.


Through forensic engineering and cryptography methods, we generate a decryptor to decrypt the information.
Frequently Asked Questions

What extension do encrypted files have?

Some of the most common extensions: .eking, .eight, .phobos, .phoenix, .banjo, .eject, .elbie. Files usually contain such extensions followed by the cybercriminal’s email address and a unique identifier code. Eg[3EF5AUD3-2110].[].eking

How was my information encrypted?

Normally these attacks happen through spam emails (phishing) where an attached file containing the virus is included. These emails are opened by a network user and when downloading the attachment, usually pdf, .docx, executable, etc. the virus is executed and the virus begins the encryption process.

In other cases, the infection occurs through vulnerable RDP ports or outdated software bugs/flaws.

What should I do to recover my information?

Here are the steps you need to take to retrieve your information:

  1. Do not contact cyber criminals under any circumstances. This will only let criminals know that you require the information and do not have backups. World statistics show that in approximately 92% of cases, after the extortion payment is made, a second deposit is requested and the data is not recovered.
  2. Immediately disconnect the network equipment and isolate it to avoid encryption complications.
  3. Avoid tampering with or running generic data recovery software. By doing so, you can affect the structure of the information and make it unrecoverable.
  4. Check if you have backups where you could restore the data. If this is not the case, contact us immediately to evaluate the case.