Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain

MortalKombat Ransomware

Romanian cybersecurity company Bitdefender has released a free decryptor for a new ransomware strain known as MortalKombat.

MortalKombat is a new ransomware strain that emerged in January 2023. It’s based on commodity ransomware dubbed Xorist and has been observed in attacks targeting entities in the U.S., the Philippines, the U.K., and Turkey.

Xorist, detected since 2010, is distributed as a ransomware builder, allowing cyber threat actors to create and customize their own version of the malware.

This includes the ransom note, the file name of the ransom note, the list of file extensions targeted, the wallpaper to be used, and the extension to be used on encrypted files.

MortalKombat notably was deployed in recent attacks mounted by an unnamed financially motivated threat actor as a part of a phishing campaign aimed at a wide range of organizations.

“MortalKombat encrypts various files on the victim machine’s filesystem, such as system, application, database, backup, and virtual machine files, as well as files on the remote locations mapped as logical drives in the victim’s machine,” Cisco Talos disclosed earlier this month.

MortalKombat Ransomware Strain

Although the ransomware does not exhibit wiper behavior or delete volume shadow copies, it corrupts Windows Explorer, disables the Run command window, and removes all applications and folders from Windows startup.

It’s also known to corrupt the deleted files in the Recycle Bin folder and alter the file names and types and make Windows Registry modifications to achieve persistence. The threat actors behind the campaign and their operational model are unknown as yet.

“Based on the Xorist ransomware, MortalKombat spreads through phishing emails and targets exposed RDP instances,” Bitdefender said. “The malware gets planted through the BAT Loader that also delivers the Laplas Clipper malware.”

MortalKombat is not the only Xorist variant to have emerged in the threat landscape over the past few months. In November 2022, Fortinet FortiGuard Labs revealed another version that leaves a ransom note in Spanish.

The development also comes a little over a month after Avast published a free decryptor for BianLian ransomware to help victims of the malware recover locked files without having to pay the threat actors.



Original Source


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit
hd linkedin
Click Above For LinkedIn