MAKB ransomware is file-encrypting malware that adds the .MAKB file extension to affected files. It is part of the Amnesia/Scarab ransomware family. We already reported on Ambrosia ransomware, another member of this family.
MAKB ransomware is a serious malware infection that encrypts files and demands that users pay hundreds of dollars for their decryption. Once files are encrypted and have the .MAKB extension added to them, users will not be able to open them unless they use a special decryptor that the cyber crooks behind this ransomware will try to sell to victims. The ransom note HOW TO RECOVER ENCRYPTED FILES.TXT does not specify the cost of the decryptor; it only mentions that the price depends on how quickly victims contact them. Unfortunately, paying the ransom does not guarantee file decryption. It’s not uncommon for victims to receive a broken decryptor or not receive one at all after paying, so giving in to the demands is usually discouraged.
When it comes to ransomware, the only sure way to recover files is via backup. This is why it’s so important that users develop the habit of backing up files on a regular basis. Had files been backed up prior to infection, users could delete MAKB ransomware and start file recovery immediately.
There’s also a possibility that malware researchers will release a free decryption tool. It’s not an uncommon occurrence and many researchers have helped users recover files without paying. However, users should be very careful about where they get their decryptors from, as there are many malware-infected ones. NoMoreRansom is a good and safe source for free decryption tools.
Like most ransomware, MAKB ransomware is distributed via spam emails, system vulnerabilities, fake update notifications and torrents.
To prevent ransomware from using system vulnerabilities to get in, it’s important that users install updates as they are released. Those updates patch known vulnerabilities and could prevent infection. However, it’s also essential that users download updates from legitimate sources. There are many advertisements on high-risk websites falsely claiming that users need to install an update. If users fall for this, they could end up downloading ransomware. The system and most programs update automatically, so there is no need for users to do anything. But if updates do have to be installed manually, they should only be downloaded from legitimate sources.
Torrent websites are usually quite lax and allow anyone to upload anything. This creates the perfect environment for malware distributors to upload malware and disguise it as a popular movie, episode of a TV series, game, software, etc. Users are discouraged from downloading pirated content via torrents because that is not only stealing, but also potentially dangerous for the computer.
Spam emails are one of the more common ways ransomware is distributed. Malware operators use email addresses purchased from hacker forums to launch spam email campaigns that distribute malware. However, as long as users are attentive and do not rush to open unsolicited email attachments, they should be able to easily avoid opening a malicious email. Users should look out for an abundance of grammar and spelling errors and weird email addresses, but most importantly, they should scan all unsolicited email attachments with anti-malware software or VirusTotal before opening them.
Can victims recover MAKB ransomware encrypted files?
Once the ransomware is initiated, it will start file encryption. It will encrypt videos, photos, documents, essentially all files that are important to users. Once encryption is complete, affected files will have the .MAKB extension added to them. A ransom note HOW TO RECOVER ENCRYPTED FILES.TXT will also be dropped and it will contain information for victims on how to recover files.
Here is the full ransom note:
YOUR FILES ARE ENCRYPTED!
Your personal ID
All your files have been encrypted due to a security problem with your PC.
To restore all your files, you need a decryption.
If you want to restore them, write us to the e-mail email@example.com.
In a letter to send Your personal ID (see In the beginning of this document).
You have to pay for decryption in Bitcoins.
The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
In the letter, you will receive instructions to decrypt your files!
In a response letter you will receive the address of Bitcoin-wallet, which is necessary to perform the transfer of funds.
HURRY! Your personal code for decryption stored with us only 72 HOURS!
Our tech support is available 24 \ 7
Do not delete: Your personal ID
Write on e-mail, we will help you!
Free decryption as guarantee
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information and their total size must be less than 10Mb.
When the transfer is confirmed, you will receive interpreter files to your computer.
After start-interpreter program, all your files will be restored.
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Do not attempt to remove the program or run the anti-virus tools
Attempts to self-decrypting files will result in the loss of your data
Decoders are not compatible with other users of your data, because each user’s unique encryption key
The note explains that to recover files, users need to contact cyber crooks via firstname.lastname@example.org. The price of the decryption tool is not specified but it will likely be somewhere in the hundreds. A time limit of 72 hours is given. They also offer to decrypt 3 non-important files for free. As was mentioned before, users should keep in mind that paying does not guarantee file decryption, as crooks can just take the money and not send the decryptor.
Unfortunately, for users without backup, the only option is to back up encrypted files and wait for malware researchers to develop a free decryption tool.
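As an added example (not part of the original article or of any vendor tool), the Python sketch below takes a read-only inventory of files carrying the .MAKB extension and of copies of the HOW TO RECOVER ENCRYPTED FILES.TXT note, recording sizes and SHA-256 hashes so the encrypted copies can be backed up and later checked as unchanged. The function names and the sample directory tree are constructed for this illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".makb"  # extension from this page, compared case-insensitively
RANSOM_NOTE = "HOW TO RECOVER ENCRYPTED FILES.TXT"  # note name from this page

def sha256_of(path, chunk_size=1 << 20):
    """Hash in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def inventory(root):
    """Read-only walk: list encrypted files, ransom notes and unreadable paths."""
    report = {"encrypted": [], "notes": [], "errors": []}
    walker = os.walk(root, onerror=lambda err: report["errors"].append(str(err.filename)))
    for folder, _dirs, files in walker:
        for name in files:
            path = Path(folder) / name
            try:
                if name.upper() == RANSOM_NOTE:
                    report["notes"].append(str(path))
                elif path.suffix.lower() == ENCRYPTED_SUFFIX:
                    report["encrypted"].append(
                        {"path": str(path), "size": path.stat().st_size,
                         "sha256": sha256_of(path)})
            except OSError:  # locked or unreadable file: record it, keep going
                report["errors"].append(str(path))
    report["encrypted"].sort(key=lambda entry: entry["path"])
    return report

def build_sample_tree(base):
    """Constructed sample data, not real ransomware output."""
    base = Path(base)
    (base / "docs").mkdir()
    (base / "docs" / "report.docx.MAKB").write_bytes(b"constructed-ciphertext-1")
    (base / "docs" / RANSOM_NOTE).write_text("constructed note")
    (base / "photo.jpg.makb").write_bytes(b"constructed-ciphertext-2")
    (base / "untouched.txt").write_text("clean")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        result = inventory(build_sample_tree(sample))
        print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "note(s)")
```

The script only reads files and renames nothing, so the manifest can be stored alongside the backup of the encrypted copies.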
MAKB ransomware removal
Users will need to use anti-malware software to delete MAKB ransomware from their computers. If they try to manually uninstall MAKB ransomware, they could end up doing even more damage, thus it is not recommended. Once the malware is no longer present, users can start file recovery from backup.
MAKB ransomware is detected as:
- A Variant Of Win32/Filecoder.FS by ESET
- HEUR:Trojan-Ransom.Win32.Generic by Kaspersky
- Ransom:Win32/Amnesia.VSA!MTB by Microsoft
- Ransom-Amnesia!662EB7C4BC27 by McAfee