Services Recovery Ransomware MKP

🔍 What is MKP Ransomware
According to reports from multiple cybersecurity organizations:
-
Makop (also referred to as MKP) is a ransomware family that first appeared around 2020 and remains active with various variants.
-
This ransomware encrypts victims’ files and appends a unique extension for each attack (e.g., *.makop, *.gros, *.erif, etc., depending on the variant).
-
After encryption, Makop drops a ransom note (commonly
readme.txtorinfo.txt) containing instructions to pay the ransom, usually in cryptocurrency (Bitcoin/Monero). -
Makop operates under a Ransomware-as-a-Service (RaaS) model, meaning the core operators collaborate with affiliates to distribute the ransomware and share the ransom profits.
⚠️ How MKP Spreads / Attack Vectors
| Vector / Stage | Details |
|---|---|
| Exploiting VPN / firewall vulnerabilities | Attacks through unpatched VPNs or edge devices without MFA enabled. |
| Phishing emails / malicious attachments | Attachments carrying malware payloads that enable infection. |
| Credential compromise / stolen accounts | Access via leaked or stolen passwords, often bought from third parties. |
| Deleting backups & shadow copies | Prevents victims from easily restoring files through recovery options. |
| Security evasion (anti-detect / LOLBins) | Abuse of legitimate system tools (Living Off The Land Binaries) to hide ransomware activity. |
🛡 Implications & Impact
-
Makop commonly applies double extortion tactics: victims not only lose access to encrypted files but also face the threat of stolen data being leaked publicly if they refuse to pay.
-
The ransom demand is usually significant, particularly when targeting organizations with critical data.
-
Recovery is highly challenging if backups are not properly maintained or are connected to the main network (and thus also encrypted or deleted).
đź› Solutions Offered by Recovery Ransomware Indonesia (RRI)
1. Incident Analysis & Digital Forensics.
-
Investigate the infected system: Makop variant, entry points, and attacker’s command sequence.
-
Analyze infected files and logs to determine whether data was only encrypted or also exfiltrated.
-
Verify if shadow copies were deleted, and check whether offline backups exist.
2. Data Recovery from Backups
-
Identify clean, uncompromised backups.
-
Restore data safely (preferably from air-gapped/offline backups).
-
Validate data integrity after restoration.
3. Decryption / Decryptor Tools
-
Use available public decryptors (e.g., from the NoMoreRansom Project) if they exist for the specific Makop variant.
-
Ensure the decryptor is safe and does not pose additional risks.
4. Negotiation & Ransom Response Consulting
-
Provide expert advice on ransom payment risks, including reputational and legal consequences.
-
Coordinate with law enforcement when appropriate.
-
Test the validity of decrypted sample files provided by attackers before any negotiation.
5. System Cleaning & Remediation
-
Remove the malware completely, patch exploited vulnerabilities, and secure system configurations.
-
Ensure no backdoors remain.
-
Strengthen VPNs, activate MFA, and deploy additional security controls.
6. Preventive Measures
-
Cybersecurity awareness training: how to detect phishing and suspicious links.
-
Regular patch management and updates for VPNs, firewalls, and endpoints.
-
Deploy EDR/XDR solutions to detect suspicious behavior.
-
Network segmentation to contain infections.
-
Routine data backups using the 3-2-1 rule and periodic recovery testing.
7. Monitoring & Threat Intelligence
-
Monitor for credential theft or data leaks that may indicate further attacks.
-
Leverage international threat intelligence feeds to stay updated on Makop variants.
🚀 Why Choose Recovery Ransomware Indonesia
-
Specialists in Ransomware & Cybersecurity
-
Unlike general IT support or traditional data recovery services, RRI focuses specifically on ransomware cases.
-
Experienced with a wide range of ransomware families, including Akira, LockBit, BlackCat/ALPHV, Hive, MedusaLocker, Cicada3301, BEAST, Weaxor, MKP, and others.
-
-
Global-Standard Expertise with Local Understanding
-
Combines international best practices with an understanding of the Indonesian cyber landscape.
-
-
Legal & Ethical Approach
-
Does not immediately recommend paying the ransom; prioritizes recovery and remediation first.
-
-
Advanced Forensic & Decryption Tools
-
Utilizes official decryptors where available.
-
If no decryptor exists, performs forensic data carving for potential recovery.
-
-
Safe Negotiation Support
-
Acts as mediator to protect company identity and minimize exposure.
-
Analyzes the probability of data return versus reputational risk.
-
-
Rapid & Responsive Service
-
24/7 emergency support to reduce downtime and losses.
-
-
Operational Recovery & Long-Term Security
-
Supports Business Continuity Plans (BCP).
-
Implements preventive solutions like 3-2-1 backup strategy, MFA, patching, and endpoint protection.
-
Trains local staff to recognize phishing and social engineering.
-
-
Trusted Reputation
-
Trusted by organizations in finance, manufacturing, retail, healthcare, and government sectors in Indonesia.
-
Proven high success rate in ransomware recovery.
-
âś… Conclusion
Recovery Ransomware Indonesia is a trusted partner for handling Makop (MKP) ransomware because:
-
Specialized in ransomware recovery and cybersecurity.
-
Combines global best practices with local expertise.
-
Offers end-to-end solutions: forensic analysis, data recovery, negotiation, system cleaning, and prevention.
-
Operates with transparency, professionalism, and trust — unlike unreliable “middleman” who claim to use mysterious quantum server







