Updated Makop ransomware emerges

December 10, 2025

(Adobe Stock)

Phobos-based Makop ransomware has been improved to include the GuLoader malware for additional payload delivery, as well as leverage multiple off-the-shelf tools to bypass detection, Cyber Security News reports.

Attacks with Makop ransomware, which have been mostly aimed at Indian organizations, commenced with the abuse of Remote Desktop Protocol and brute-force tools for initial access, followed by the delivery of a toolkit with privilege escalation exploits and network scanners, as well as credential-dumping and antivirus disabling tools, for lateral movement, data extraction, and eventual encrypted payload distribution, an Acronis analysis showed.

Researchers have attributed Makop ransomware's success to its extensive local privilege escalation exploit collection, with the flaws, tracked as CVE-2017-0213, CVE-2018-8639, CVE-2021-41379, and CVE-2016-0099, being the most abused in its attacks. Such findings highlight the risks associated with weaponized administrative tools.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Learn More

SC Staff

Phishing

Malware campaign uses VirusTotal manipulation, legitimate news sites to gain reputation

Laura FrenchJune 18, 2026

The clipboard hijacker campaign also uses “ghost networks” on social media to boost engagement.

Phishing

FBI warns of sophisticated Kali365 phishing service targeting Microsoft accounts

SC StaffJune 17, 2026

Coverage from Tech Radar indicates that a sophisticated phishing-as-a-service platform, known as Kali365, Octopi365, and Freedom365, is actively targeting Microsoft accounts.

Ransomware

Attackers drop DragonForce ransomware leveraging MS Teams relay systems

Steve ZurierJune 17, 2026

DragonForce ransomware abused Microsoft Teams relay infrastructure to hide C2 traffic.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news