Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain

Feb 28, 2023 Ravie Lakshmanan

Romanian cybersecurity company Bitdefender has released a free decryptor for a new ransomware strain known as MortalKombat.

MortalKombat is a new ransomware strain that emerged in January 2023. It’s based on commodity ransomware dubbed Xorist and has been observed in attacks targeting entities in the U.S., the Philippines, the U.K., and Turkey.


Xorist, detected since 2010, is distributed as a ransomware builder, allowing cyber threat actors to create and customize their own version of the malware.

This includes the ransom note, the file name of the ransom note, the list of file extensions targeted, the wallpaper to be used, and the extension to be used on encrypted files.

MortalKombat notably was deployed in recent attacks mounted by an unnamed financially motivated threat actor as a part of a phishing campaign aimed at a wide range of organizations.

“MortalKombat encrypts various files on the victim machine’s filesystem, such as system, application, database, backup, and virtual machine files, as well as files on the remote locations mapped as logical drives in the victim’s machine,” Cisco Talos disclosed earlier this month.

Although the ransomware does not exhibit wiper behavior or delete volume shadow copies, it corrupts Windows Explorer, disables the Run command window, and removes all applications and folders from Windows startup.

It’s also known to corrupt the deleted files in the Recycle Bin folder and alter the file names and types and make Windows Registry modifications to achieve persistence. The threat actors behind the campaign and their operational model are unknown as yet.

“Based on the Xorist ransomware, MortalKombat spreads through phishing emails and targets exposed RDP instances,” Bitdefender said. “The malware gets planted through the BAT Loader that also delivers the Laplas Clipper malware.”

MortalKombat is not the only Xorist variant to have emerged in the threat landscape over the past few months. In November 2022, Fortinet FortiGuard Labs revealed another version that leaves a ransom note in Spanish.

The development also comes a little over a month after Avast published a free decryptor for BianLian ransomware to help victims of the malware recover locked files without having to pay the threat actors.
