Makop, a relatively new and unsophisticated ransomware group, has run numerous campaigns over the past three years. Despite this low rating, the group has successfully targeted a range of European organisations.
Based on reports, the Makop operators have adopted a hybrid arsenal of specially crafted and off-the-shelf software kits.
The Makop ransomware group has used their self-made malicious tools to execute their cybercriminal campaigns.
According to investigations, the Makop ransomware operators have been using a set of custom-made malicious kits to run their cyberattacks. One example of these custom kits is the tool called ARestore.
The Makop developers built this tool three years ago, and it includes an obfuscation capability. The tool can also generate combination lists of local Windows usernames and passwords and test them locally.
These actors use ARestore after the initial intrusion stage of their attack. The Makop group also uses several .NET assemblies, such as PuffedUp, to carry out the later steps of the operation.
ARestore can also establish persistence for the actors after initial access to the targeted system. The kit relies on a text configuration file in the same folder, containing one or more 42-character strings that the actors place in the target's clipboard.
The ransomware group uses off-the-shelf freeware and open-source tools for lateral movement and system discovery. Makop also abuses several Microsoft Sysinternals tools, such as PsExec, and other popular open-source tools, such as Mimikatz.
Researchers have also seen the group abusing lesser-known software products in its operations. In a couple of incidents the Makop group used Advanced Port Scanner and the Windows search tool Everything.
The group has also used a distinctive kit with a system administration tool called YDark, an open-source tool hosted on GitHub.
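The tooling chain described above (discovery tools such as Advanced Port Scanner and Everything, credential theft with Mimikatz, then PsExec for lateral movement) is something a defender can correlate per host. The following is an added example, not code from the article or any vendor; the pipe-separated process-creation log format, the sample events and the image-to-stage mapping are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation events: "timestamp|host|user|image path".
SAMPLE_LOG = """\
2024-01-10T09:00:01|WS-01|corp\\jdoe|C:\\Tools\\advanced_port_scanner.exe
2024-01-10T09:04:20|WS-01|corp\\jdoe|C:\\Tools\\Everything.exe
2024-01-10T09:20:05|WS-01|corp\\jdoe|C:\\Tools\\mimikatz.exe
2024-01-10T09:31:44|WS-01|corp\\jdoe|C:\\Tools\\PsExec.exe
2024-01-10T11:00:00|WS-07|corp\\admin|C:\\Windows\\System32\\notepad.exe
"""

# Assumed mapping of the off-the-shelf tools named in the article to attack stages.
TOOL_STAGES = {
    "advanced_port_scanner.exe": "discovery",
    "everything.exe": "discovery",
    "mimikatz.exe": "credential_access",
    "psexec.exe": "lateral_movement",
    "psexec64.exe": "lateral_movement",
}


def parse_events(text):
    """Parse the constructed log format into dicts with a lower-cased image basename."""
    events = []
    for line in text.splitlines():
        ts, host, user, image = line.split("|", 3)
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "user": user, "image": image.rsplit("\\", 1)[-1].lower()})
    return events


def find_tool_chains(events, window=timedelta(hours=2), min_stages=2):
    """Return {host: {"stages": [...], "tools": [...]}} for hosts on which tools
    from at least `min_stages` distinct stages ran within `window` of each other."""
    by_host = defaultdict(list)
    for ev in events:
        stage = TOOL_STAGES.get(ev["image"])
        if stage:  # ignore processes that are not on the watch list
            by_host[ev["host"]].append((ev["ts"], stage, ev["image"]))
    alerts = {}
    for host, hits in by_host.items():
        hits.sort()
        for i, (start, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - start <= window]
            stages = sorted({s for _, s, _ in in_window})
            if len(stages) >= min_stages:
                alerts[host] = {"stages": stages,
                                "tools": sorted({img for _, _, img in in_window})}
                break  # first qualifying window is enough for an alert
    return alerts
```

Running `find_tool_chains(parse_events(SAMPLE_LOG))` flags only WS-01, where all three stages appear within the two-hour window; tightening the window to ten minutes produces no alert, which shows why the correlation window is a tuning decision rather than a fixed constant.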
The Makop ransomware group therefore has both custom-developed and off-the-shelf tools at its disposal. Its use of this arsenal suggests that the Makop operators are evolving into a more dangerous threat group.
Organisations should therefore adopt a more proactive defence posture to secure their networks and mitigate the potential damage of a Makop ransomware attack.