
Our Acronis Threat Research Unit (TRU) has uncovered new developments in the Makop ransomware, a variant of the notorious Phobos family.
WHAT’S HAPPENING?
Makop has leveled up by integrating:
GuLoader
Local privilege escalation exploits
TARGET:
Mainly businesses in India
ATTACK PATH:
Starts via exposed RDP services
Deploys network scanners & privilege escalation tools
Uses antivirus killers
Encrypts data
KEY FINDING:
In some cases, GuLoader is being used to deliver Makop, potentially the first documented case of Makop being distributed via a loader!
TAKEAWAY:
This evolution underscores the critical importance of:
Securing remote access systems
Enhancing network monitoring
Proactive threat detection
Stay vigilant and ensure your defenses are up to date!