Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat.

Good news for the victims of the recently discovered MortalKombat ransomware: the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their files without paying the ransom.

Since December 2022, Cisco Talos researchers have been observing an unidentified financially motivated threat actor deploying two new pieces of malware, the MortalKombat ransomware and a Go variant of the Laplas Clipper malware.

The similarities in code, class name, and registry key strings led the experts to assess with high confidence that the MortalKombat ransomware belongs to the Xorist ransomware family.

Threat actors use a multi-stage attack chain that begins with a phishing email with a ZIP attachment containing a BAT loader script.

“Once executed, MortalKombat Ransomware encrypts data and generates files with a specific extension: ..Remember_you_got_only_24_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_Mortal_Kombat_Ransomware. It also changes the desktop wallpaper to give it a Mortal Kombat theme and generates a ransom note called HOW TO DECRYPT FILES.txt.” reads the post published by Bitdefender.

MortalKombat first appeared on the threat landscape in January 2023. It targets various files on the victim machine’s filesystem, such as system, application, database, backup, and virtual machine files, as well as files on remote locations mapped as logical drives.

Unlike other ransomware families, MortalKombat did not show any wiper behavior or delete the volume shadow copies on the infected system. It corrupts Windows Explorer, removes applications and folders from Windows startup, and disables the Run command window, making the system inoperable.

The ransom note instructs the victim to contact the attacker through the qTOX instant messaging application.

Most of the victims are located in the U.S., but experts observed limited infections in the United Kingdom, Turkey, and the Philippines.

The tool released by Bitdefender works against the current version of MortalKombat; it can be downloaded here.

The company pointed out that the decryptor can also be executed silently via a command line, which can be useful to automate the deployment of the tool inside a large network.