

Screenshot of files encrypted by Maak virus (‘.maak’ file extension)

Maak ransomware is a malware that is the 375th variant of STOP (DJVU) ransomware. Like other variants of this ransomware, it is distributed through key generators, cracked software, adware and torrent web-sites. Upon execution, Maak creates a folder in the Windows system directory and copies itself there. Then the virus collects information about the victim’s computer and changes some Windows OS settings so that it starts automatically every time the PC is turned on or restarted.

Having collected information about the victim’s computer, the Maak ransomware tries to establish a connection with its command-and-control server (C&C). If the connection has been established, the virus receives a key (the so-called ‘online key’) from the command server that will be used to encrypt files. In addition, the Maak virus may receive additional commands and files that will be executed on the victim’s computer. If the ransomware could not connect to the command server, then it uses a fixed key, which security researchers call the ‘offline key’. There is a significant difference between the ‘online key’ and the ‘offline key’. The online key is unique for each victim, that is, the key from one victim will not help decrypt the files of another victim. The offline key is the same for all victims. Thus, it can be used to decrypt files regardless of where they were encrypted. Having a key to encrypt files, the Maak ransomware proceeds directly to the process of encrypting files. It encrypts file-by-file, so that all files of the victim will be encrypted. It doesn’t matter where the files are located: on the internal drive, flash drive, external media or cloud storage, all of them can be encrypted. There is a small exception: the virus does not encrypt files located in the Windows system directories, files with an extension from the list ‘.lnk, .dll’ and files with the name ‘_readme.txt’.

Thus, almost all of the victim’s data will be encrypted, including documents, pictures, databases, archives and other types of files, such as:

Each file that has been encrypted by the Maak ransomware will be renamed.
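A responder’s first task after an infection like this is to establish scope: which files were renamed and where the notes were dropped. The Python below is an added example (not from the original article) that inventories a directory tree using the indicators the article gives, the appended ‘.maak’ extension and the ‘_readme.txt’ note; the sample tree it builds is constructed.

```python
# Added example (not from the article): inventory a Maak-hit tree. The '.maak'
# extension and '_readme.txt' note name are from the article; layout is constructed.
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".maak"
NOTE_NAME = "_readme.txt"

def triage(root):
    """Walk root; return (encrypted_paths, note_paths, Counter of original extensions).

    The virus appends '.maak', so 'report.docx.maak' was 'report.docx'; tallying
    that inner extension shows the responder which data types were hit.
    """
    encrypted, notes, orig_ext = [], [], Counter()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                stem = name[: -len(ENCRYPTED_EXT)]
                orig_ext[os.path.splitext(stem)[1].lower() or "(none)"] += 1
    return sorted(encrypted), sorted(notes), orig_ext

def build_sample_tree():
    """Constructed sample: hit files, ransom notes, and files the virus skips."""
    root = tempfile.mkdtemp(prefix="maak_triage_")
    layout = {
        "Documents/report.docx.maak": b"\x00" * 16,
        "Documents/_readme.txt": b"constructed ransom note\n",
        "Pictures/holiday.jpg.maak": b"\x00" * 16,
        "Pictures/_readme.txt": b"constructed ransom note\n",
        "Pictures/shortcut.lnk": b"",           # .lnk is on the skip list
        "Windows/System32/kernel32.dll": b"",   # system directory, .dll skipped
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root

if __name__ == "__main__":
    enc, notes, exts = triage(build_sample_tree())
    print(f"{len(enc)} encrypted files, {len(notes)} ransom notes")
    for ext, n in exts.most_common():
        print(f"  {ext}: {n}")
```

Run against a real mount point, the extension tally tells you at a glance whether documents, pictures or databases took the hit, and the note paths mark every directory the encryptor actually walked.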
