Bitdefender released a free decryptor for the MortalKombat Ransomware family

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat.


Good news for the victims of the recently discovered MortalKombat ransomware: the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their files without paying the ransom.

Since December 2022, Cisco Talos researchers have been observing an unidentified financially motivated threat actor deploying two new malware strains, the MortalKombat ransomware and a Go variant of the Laplas Clipper malware.

The similarities in code, class name, and registry key strings led the experts to assess with high confidence that the MortalKombat ransomware belongs to the Xorist ransomware family.

Threat actors use a multi-stage attack chain that begins with a phishing email with a ZIP attachment containing a BAT loader script.

“Once executed, MortalKombat Ransomware encrypts data and generates files with a specific extension: ..Remember_you_got_only_24_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_Mortal_Kombat_Ransomware. It also changes the desktop wallpaper to give it a Mortal Kombat theme and generates a ransom note called HOW TO DECRYPT FILES.txt.” reads the post published by Bitdefender.
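To scope which folders were hit before running the decryptor, the two indicators quoted above can be searched for directly. The following is an added example, not code from Bitdefender or the original article; it assumes the marker is appended to the original file name, and the helper names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators as quoted in the article; leading dots are dropped so the match
# does not depend on how many dots precede the marker.
ENC_MARKER = ("Remember_you_got_only_24_hours_to_make_the_payment_"
              "if_you_dont_pay_prize_will_triple_Mortal_Kombat_Ransomware")
RANSOM_NOTE = "HOW TO DECRYPT FILES.txt"

def original_name(name):
    """Return the pre-encryption name (assumption: marker is appended), else None."""
    if not name.lower().endswith("." + ENC_MARKER.lower()):
        return None
    return name[:-len(ENC_MARKER)].rstrip(".")

def triage(root):
    """Return (Counter of encrypted files per directory, list of ransom note paths)."""
    encrypted, notes = Counter(), []
    # os.walk ignores unreadable directories by default, so the scan keeps going.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(os.path.join(dirpath, name))
            elif original_name(name) is not None:
                encrypted[os.path.relpath(dirpath, root)] += 1
    return encrypted, notes

def demo():
    """Run triage over a constructed sample tree (empty files, not victim data)."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "docs": ["report.docx.." + ENC_MARKER, "budget.xlsx.." + ENC_MARKER,
                     RANSOM_NOTE],
            "db": ["orders.bak.." + ENC_MARKER.upper(), "readme.txt"],
            "clean": ["notes.txt"],
        }
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        encrypted, notes = triage(root)
        return dict(encrypted), [os.path.relpath(p, root) for p in notes]

if __name__ == "__main__":
    print(demo())
```

The per-directory counts give a quick picture of how far encryption spread on a host or mapped share, and `original_name` lists what the decryptor is expected to restore.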

MortalKombat first appeared on the threat landscape in January 2023. It targets various files on the victim machine’s filesystem, such as system, application, database, backup, and virtual machine files, as well as files on remote locations mapped as logical drives.

Unlike other ransomware families, MortalKombat did not show any wiper behavior or delete the volume shadow copies on the infected system. It corrupts Windows Explorer, removes applications and folders from Windows startup, and disables the Run command window, making the system inoperable.

MortalKombat ransomware

The ransom note instructs the victim to contact the attacker through the qTOX instant messaging application.

Most of the victims are located in the U.S., but experts observed limited infections in the United Kingdom, Turkey, and the Philippines.

The tool released by Bitdefender works against the current version of MortalKombat; it can be downloaded here.

The company pointed out that the decryptor can also be executed silently via a command line, which can be useful to automate the deployment of the tool inside a large network.


Pierluigi Paganini


(SecurityAffairs – hacking, ransomware)



