Makop ransomware
Is there any known decryptor for this ransomware family?
Current situation:
- No backups available.
- Initial point of infection is unknown.
- Organization-wide compromise.
- Encrypted files have a double extension. A random 5-character string is appended after the original file extension.
- The ransom note provides only an email address for communication. No Tox communication.
- OSINT on the email address shows it appears to be newly created, with no leaks, mentions, or known attribution.
At this stage, what are the best sources for additional intelligence and attribution? How can I identify the small threat actor group behind it?
Specifically:
- Are there repositories or databases that can help identify the ransomware family based on file naming patterns and extensions?
- What artifacts should I focus on collecting when the initial infection vector is unknown?
- Are there threat intelligence platforms, ransomware-tracking projects, or malware repositories that may help correlate a fresh email address with a known actor?
- Has anyone encountered a ransomware strain that appends a random 5-character suffix after the extension?
I understand determining the infection vector is important for containment and scoping, but with no decryptor, no backups, and limited indicators, I'm trying to identify the threat actor or ransomware family first to determine whether recovery options exist.
How did you arrive at Makop ransomware? The ransom note and the encrypted file sizes are similar. Yes, only those two.
Any guidance would be appreciated.
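A defender-side triage script for the naming-pattern and artifact-collection questions in the post; it is an added example, not code from the original post or from any ransomware tracker. It assumes the appended suffix is five alphanumeric characters (the post says only "random 5-character string"), and the sample directory it builds is constructed: the dominant suffix and the list of original extensions it produces are the artifacts worth pasting into a family-identification service.

```python
import math
import os
import re
import tempfile
from collections import Counter

# Assumed pattern "<stem>.<original ext>.<5 alphanumeric chars>", e.g. "q1.xlsx.Kq7Zp" (constructed;
# the post only says a random 5-character string follows the original extension).
DOUBLE_EXT_RE = re.compile(r"^.+\.(?P<orig_ext>[A-Za-z0-9]{1,8})\.(?P<suffix>[A-Za-z0-9]{5})$")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted/compressed data sits near 8.0, text and office docs well below."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_name(name: str):
    """Return (original_ext, suffix) when the filename fits the double-extension pattern, else None."""
    m = DOUBLE_EXT_RE.match(name)
    return (m.group("orig_ext").lower(), m.group("suffix")) if m else None

def triage(root: str, sample_bytes: int = 4096, threshold: float = 7.5) -> dict:
    """Walk root, keep files matching the pattern, tally suffixes/original extensions, flag high entropy."""
    hits, suffixes, orig_exts = [], Counter(), Counter()
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            parsed = parse_name(fn)
            if parsed is None:
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    ent = shannon_entropy(fh.read(sample_bytes))
                size = os.path.getsize(path)
            except OSError:  # locked or vanished file: skip it, keep walking
                continue
            hits.append({"path": path, "orig_ext": parsed[0], "suffix": parsed[1],
                         "size": size, "entropy": round(ent, 2), "encrypted": ent >= threshold})
            suffixes[parsed[1]] += 1
            orig_exts[parsed[0]] += 1
    # The dominant suffix is the string to search in naming-pattern databases; a suffix seen on
    # only a few files is usually a legitimate 5-letter extension (e.g. .bzip2), not the malware's.
    dominant = suffixes.most_common(1)[0][0] if suffixes else None
    return {"hits": hits, "suffixes": suffixes, "orig_exts": orig_exts, "dominant_suffix": dominant}

def demo() -> dict:
    """Constructed sample tree: two 'encrypted' files, one real .bzip2, an untouched doc and a note."""
    root = tempfile.mkdtemp()
    for name, data in [("q1.xlsx.Kq7Zp", os.urandom(4096)), ("memo.docx.Kq7Zp", os.urandom(4096)),
                       ("logs.tar.bzip2", os.urandom(4096)), ("plan.docx", b"plain text " * 400),
                       ("readme-warning.txt", b"contact: <attacker-email placeholder>")]:
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return triage(root)
```

Run `triage()` against a read-only copy or mounted image of an affected share rather than the live host, and keep the per-file `size` values alongside the suffix tally, since file-size behaviour was one of the two indicators used to suspect Makop.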