MAKB ransomware is a malicious data encryption program. A cybersecurity research company called Xiaopao first identified the MAKB ransomware in 2020. Xiaopao classified it as a member of the notorious Scarab malware family. This family of malware uses strong encryption algorithms and can get past ordinary antivirus programs. Other malware that belongs to this family includes:
- Xati ransomware
- Ambrosia ransomware
- Inchin ransomware
- Ormeta ransomware
- Artemy ransomware
What Does MAKB Ransomware Do?
The MAKB ransomware uses stealth technology to infiltrate users’ systems. Soon after the infiltration, it modifies Windows settings and then encrypts essential files on the system. It targets commonly used file types to maximize the damage to users, such as:
- Pictures/photos (.jpg)
- Important documents, such as .doc, .pdf, .xls, .mpg or .zip
After encrypting the files, the MAKB ransomware appends the .MAKB extension to each filename so that victims cannot open them. It also changes Windows registry keys and deletes the files’ Shadow Copies to acquire persistence and prevent easy recovery. These modifications might affect the system’s performance.
To make matters worse, the MAKB ransomware replaces the full filename with a random string. For instance, it will rename a file such as “1.jpg” to “2g000000000p0zw9VkBVWnK5dMRu2hk8.MAKB”. The encryption and renaming keep victims from recognizing or opening their files unless they decrypt them.
After encrypting files, the MAKB ransomware leaves a ransom note named “HOW TO RECOVER ENCRYPTED FILES.txt”. The note asks victims to contact the attackers through email. It also states that victims have 72 hours to use the decryptor key, after which it will be deleted.
Note: Do not pay the ransom or contact the attackers. They may initiate a further attack on your PC or give you a non-functional key to demand more payment.
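The indicators described above, the .MAKB extension and the “HOW TO RECOVER ENCRYPTED FILES.txt” note, are enough to scope the damage before cleanup. The following read-only Python inventory is an added example, not part of the original guide; the function names and the sample tree are constructed for illustration, and it assumes the malware left file modification times intact, so the oldest timestamp only approximates when encryption began.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".makb"  # extension from this page, matched case-insensitively
RANSOM_NOTE = "how to recover encrypted files.txt"  # note name from this page

def triage(root):
    """Read-only walk of root that summarises the MAKB indicators found."""
    per_dir, notes, earliest = Counter(), [], None
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_EXT):
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:  # file vanished or access denied
                    continue
                per_dir[dirpath] += 1
                # oldest renamed file ~ start of encryption (if mtimes were not reset)
                earliest = mtime if earliest is None else min(earliest, mtime)
    started = (datetime.fromtimestamp(earliest, tz=timezone.utc)
               if earliest is not None else None)
    return {"encrypted_total": sum(per_dir.values()),
            "per_directory": dict(per_dir),
            "ransom_notes": sorted(notes),
            "earliest_encrypted_utc": started}

def make_constructed_sample(root):
    """Constructed tree (not real data): two renamed files, a note, a clean file."""
    layout = {
        "Pictures/2g000000000p0zw9VkBVWnK5dMRu2hk8.MAKB": 1_600_000_000,
        "Documents/constructed-random-name.makb": 1_600_000_300,
        "Documents/HOW TO RECOVER ENCRYPTED FILES.txt": 1_600_000_400,
        "Documents/untouched.txt": 1_500_000_000,
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))  # fixed mtimes make the result predictable

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_sample(tmp)
        print(triage(tmp))
```

Point `triage()` at a user profile or file share; the earliest timestamp helps when choosing a restore point or backup from before the infiltration.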
How Did MAKB Ransomware Get into My Computer?
Malware programs have multiple ways of infiltrating PC systems.
Here are the different ways through which the MAKB malware can infiltrate your system:
- Through unprotected Remote Desktop connections
- Through malicious spam email attachments and embedded hyperlinks
- Through bundled installation with shareware and freeware
- Through exploit kits and software vulnerabilities
- Through fake Windows update notifications or Flash Player updates
If you detect the presence of the MAKB ransomware, you need to remove it immediately. If left on the system, it can re-encrypt recovered files, install other malware variants, or conduct data-stealing activities on your PC.
How to Remove MAKB Ransomware
Use these MAKB ransomware removal instructions to remove it:
1. Scan your PC using a quality anti-malware program
You will need a quality anti-malware tool that has anti-ransomware capabilities to identify and remove the MAKB ransomware. The advantage of a quality anti-malware tool is that it can identify and remove the MAKB ransomware and other suspicious and potentially unwanted programs that might be hiding on your PC.
2. Remove the MAKB ransomware using Safe Mode with Networking and System Restore
Reboot your PC in Safe Mode with Networking and restore the MAKB-encrypted files:
- Press the Windows key.
- Click the Power button.
- Press and hold the Shift button and click Restart.
- Select Troubleshoot > Advanced > Startup Settings.
- Press Restart.
- On the Startup Settings window, select Enable Safe Mode with Command Prompt.
- In the Command Prompt window, type cd restore and press Enter.
- Then, type rstrui.exe and press Enter again.
- On the new window, click Next and select your Windows Restore point before the MAKB infiltration.
- Then, click Next.
- After the process, click Yes to restore.
3. Run a System File Checker (SFC) scan
The MAKB ransomware can imitate genuine PC applications and reside on your PC without detection. It can damage your PC’s Windows system files. You need to examine your PC’s Windows files by running the SFC utility.
- Press Win + Q.
- Type cmd, then press Ctrl+Shift+Enter to run Command Prompt as administrator.
- In the Command Prompt window, type sfc /scannow and press Enter.
The SFC will identify and fix errors and damaged files. Be patient because the process may take a while. It should then generate a report.
4. Decrypt the encrypted (.MAKB) files using a third-party tool
There are various third-party tools to help you decrypt the MAKB encrypted files. For instance, you can use Emsisoft’s decrypter. To decrypt the files with Emsisoft:
- Download Emsisoft (from the official site).
- Run Emsisoft’s decrypter .exe to install the program.
- After installing, launch Emsisoft as an administrator.
- Among the options, select the files you want to decrypt (alternatively, let Emsisoft decrypter automatically identify files that need to be decrypted).
- Click the “decrypt” button to start the process.
Wait patiently until the decryption process is complete, then restart your PC.
5. Restore files using quality third-party data recovery tools
It may not be easy to recover your files manually. This is why we recommend using quality, third-party data recovery tools to restore and recover the .MAKB encrypted files. Review each tool before using it for your data recovery process.
We believe that you have found this guide helpful in understanding and removing the MAKB ransomware. We recommend that you avoid future ransomware attacks by protecting your computer from malware infiltration. Ensure that you install a powerful anti-malware tool on your PC and avoid downloading free software.