Bitdefender releases a free universal decryptor for MortalKombat ransomware
Bitdefender, a Romanian cybersecurity company, has recently launched a universal decryptor for MortalKombat, a new file-encrypting malware that surfaced in January 2023. MortalKombat is based on Xorist, a commodity ransomware that was first identified in 2010. The malware is widely distributed as a ransomware builder, allowing cybercriminals to create customized versions of the malware, including the ransom notes, the wallpaper, the file extensions targeted, and the extension to be used on encrypted files.
MortalKombat has been observed in attacks on various entities in the U.S., the Philippines, the U.K., and Turkey. In a phishing campaign aimed at a wide range of organizations, an unknown financially motivated threat actor deployed MortalKombat as part of recent attacks. MortalKombat encrypts various files on the victim's machine, including system, application, database, backup, and virtual machine files, as well as files on remote locations mapped as logical drives on the victim's machine.
The ransomware corrupts Windows Explorer, disables the Run command window, removes all applications and folders from Windows startup, and alters the file names and types while making Windows Registry modifications to achieve persistence. MortalKombat does not exhibit wiper behavior or delete volume shadow copies, but it is known to corrupt the deleted files in the Recycle Bin folder.
MortalKombat spreads through phishing emails and targets exposed RDP instances. The malware gets planted through the BAT Loader, which also delivers Laplas Clipper malware. Bitdefender noted that MortalKombat is not the only Xorist variant to have emerged in the threat landscape over the past few months. In November 2022, Fortinet FortiGuard Labs revealed another version that leaves a ransom note in Spanish.
Avast recently published a free decryptor for BianLian ransomware to help victims of the malware recover locked files without paying the threat actors. The threat actors behind the MortalKombat campaign and their operational model remain unknown.