December 9, 2025 By Tushar Subhra Dutta
Makop ransomware, a strain of the Phobos malware family first spotted in 2020, continues to evolve into a significant threat to businesses worldwide.
Recent analysis reveals that attackers are combining brute-force RDP attacks with sophisticated privilege escalation techniques and security bypass tools to compromise organizations.
The majority of attacks, representing 55 percent of all incidents, specifically target companies in India, though Brazil, Germany, and other regions have also reported compromises.
The attackers prefer low-complexity, high-impact methods, leveraging off-the-shelf tools and publicly disclosed vulnerabilities to maximize their chances of success while minimizing detection risk.
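The initial access described above, brute-forced RDP logons, leaves a distinctive trace in the Windows Security log: bursts of event 4625 (failed logon) with LogonType 10 (RemoteInteractive) from one source address, often spraying several account names. The detector below is an added example, not code from the original article; it runs over constructed sample events modelled on those 4625 fields and flags a source IP once it exceeds a threshold of failed RDP logons inside a sliding time window.

```python
"""Flag RDP brute-force bursts from Windows Security event 4625 records.

Added example, not from the original article. Each event is a dict carrying
the 4625 fields a SIEM would normally extract; the sample data is constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON_EVENT = 4625   # "An account failed to log on"
RDP_LOGON_TYPE = 10         # RemoteInteractive = RDP / Terminal Services

# Constructed sample events (not real telemetry). 203.0.113.7 sprays four
# account names in 30 seconds; 198.51.100.20 is a user mistyping a password.
SAMPLE_EVENTS = [
    {"time": "2025-12-09T02:00:01", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "administrator"},
    {"time": "2025-12-09T02:00:04", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "admin"},
    {"time": "2025-12-09T02:00:09", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "backup"},
    {"time": "2025-12-09T02:00:10", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.20", "user": "jsmith"},
    {"time": "2025-12-09T02:00:15", "event_id": 4625, "logon_type": 2,  "ip": "203.0.113.7", "user": "administrator"},  # console logon, ignored
    {"time": "2025-12-09T02:00:20", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "administrator"},
    {"time": "2025-12-09T02:00:31", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "sysadmin"},
    {"time": "2025-12-09T02:00:45", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "administrator"},
    {"time": "2025-12-09T02:05:00", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.20", "user": "jsmith"},
]


def detect_rdp_bruteforce(events, threshold=5, window_seconds=60):
    """Return {source_ip: alert} for every source IP that produced at least
    `threshold` failed RDP logons within any `window_seconds` sliding window.
    Each alert records when the burst started, its size and the accounts tried."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, user) inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):   # ISO-8601 strings sort chronologically
        if ev["event_id"] != FAILED_LOGON_EVENT or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        ts = datetime.fromisoformat(ev["time"])
        window = recent[ev["ip"]]
        window.append((ts, ev["user"]))
        while ts - window[0][0] > timedelta(seconds=window_seconds):   # drop events older than the window
            window.popleft()
        if len(window) >= threshold and ev["ip"] not in alerts:        # alert once per source
            alerts[ev["ip"]] = {
                "first_seen": window[0][0].isoformat(),
                "count": len(window),
                "users": sorted({user for _, user in window}),
            }
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"RDP brute force from {ip}: {alert['count']} failures since {alert['first_seen']}, accounts {alert['users']}")
```

Tune `threshold` and `window_seconds` to the environment's normal failure rate, and pair the alert with a check for a subsequent 4624 (successful logon) from the same source, which marks the point at which the brute force succeeded.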
Makop Ransomware Vulnerability Exploitation Table:
| CVE ID | Component | CVSS Score | Severity | Type | Impact |
|---|---|---|---|---|---|
| CVE-2016-0099 | Windows Elevation of Privilege | 7.8 | High | Local Privilege Escalation | Windows kernel vulnerability enabling privilege escalation |
| CVE-2017-0213 | Windows Update Medic Service | 7.8 | High | Local Privilege Escalation | Device driver vulnerability exploited for system access |
| CVE-2018-8639 | Win32k Subsystem | 7.8 | High | Local Privilege Escalation | Windows kernel elevation leading to system privileges |
| CVE-2019-1388 | Windows Service Control Manager | 7.0 | High | Local Privilege Escalation | Allows attackers to elevate privileges through Windows elevation dialog |
| CVE-2020-0787 | Windows Update Medic Service | 7.8 | High | Local Privilege Escalation | BITS service elevation vulnerability |
| CVE-2020-0796 | SMB Protocol | 10.0 | Critical | Remote Code Execution / Privilege Escalation | SMB protocol vulnerability enabling remote exploitation |
| CVE-2020-1066 | Windows Installer Service | 7.8 | High | Local Privilege Escalation | Windows installer elevation of privilege vulnerability |
| CVE-2021-41379 | Windows Desktop Window Manager | 7.8 | High | Local Privilege Escalation | Windows Desktop Window Manager elevation vulnerability |
| CVE-2022-24521 | Windows Win32k Subsystem | 7.8 | High | Local Privilege Escalation | Win32k kernel elevation leading to system access |
| CVE-2025-7771 | ThrottleStop Driver | 8.4 | High | Privilege Escalation via Driver | Legitimate driver vulnerable to memory access exploitation for EDR/AV bypass |
