A new decryptor for the MortalKombat ransomware is now available for download. Bitdefender has been keeping a close eye on the MortalKombat ransomware family since its first instance was discovered online in January of this year.
MortalKombat is a ransomware that is based on Xorist. It spreads through phishing emails and targets RDP instances that are exposed to the internet. The BAT Loader plants the malware after it has been successfully installed on the victim's machine. This loader is also known to deliver the Laplas Clipper malware, which causes further harm to the machine.
The MortalKombat ransomware encrypts every file on the computer that it infects, including those that are located in the recycle bin and files associated with virtual machines. In addition to that, it makes Windows Explorer unusable, deletes folders and files from the start-up menu, and disables the Run command.
A typical infection carried out as part of this campaign starts with a phishing email. This email then triggers a multi-stage attack chain in which the actor delivers either malware or ransomware, and then deletes evidence of malicious files, thus making it difficult to analyze their activity and covering their tracks.
The malicious ZIP file attached to the initial phishing email contains an executable BAT loader script. When a victim opens the loader script, it downloads another malicious ZIP file from an attacker-controlled hosting server to the victim’s machine, automatically extracts it, and then executes the payload, which is either the Go variant of the Laplas Clipper malware or the MortalKombat ransomware, depending on which one was specified in the loader script. The loader script will erase the malicious files that were downloaded and placed onto the victim’s computer, cleaning up the infection indicators, then it will execute the dropped payload as a process on the victim’s computer.
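The loader chain described above can be hunted as a correlation over endpoint telemetry. The following is an added example, not code from Bitdefender or the original article; the event schema, field names, time window and sample events are constructed assumptions.

```python
# Added example: correlate endpoint events into the loader chain described above.
# The schema (ts, host, kind, root_pid, path) is hypothetical, not a real product's.
from collections import defaultdict

WINDOW = 300  # seconds after the script starts; an assumed tuning value

def find_loader_chains(events, window=WINDOW):
    """Return (host, script_path) for each batch script whose process tree
    wrote a ZIP, ran an executable it dropped, and deleted what it dropped."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)
    alerts = []
    for host, evs in by_host.items():
        for s in evs:
            if s["kind"] != "script_start" or not s["path"].lower().endswith((".bat", ".cmd")):
                continue
            # Events attributed to the same script tree, inside the time window.
            tree = [e for e in evs
                    if e["root_pid"] == s["root_pid"]
                    and s["ts"] <= e["ts"] <= s["ts"] + window]
            created = {e["path"].lower() for e in tree if e["kind"] == "file_create"}
            zips = {p for p in created if p.endswith(".zip")}
            exes = {p for p in created if p.endswith(".exe")}
            ran = {e["path"].lower() for e in tree if e["kind"] == "process_start"} & exes
            deleted = {e["path"].lower() for e in tree if e["kind"] == "file_delete"} & (zips | exes)
            # Execution and deletion are matched in either order.
            if zips and ran and deleted:
                alerts.append((host, s["path"]))
    return alerts

# Constructed sample events (not taken from a real incident).
FIELDS = ("ts", "host", "kind", "root_pid", "path")
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    (100, "ws01", "script_start", 4120, r"C:\Users\a\Downloads\doc\invoice.bat"),
    (105, "ws01", "file_create", 4120, r"C:\Users\a\AppData\Local\Temp\p.zip"),
    (112, "ws01", "file_create", 4120, r"C:\Users\a\AppData\Local\Temp\p.exe"),
    (115, "ws01", "file_delete", 4120, r"C:\Users\a\AppData\Local\Temp\p.zip"),
    (118, "ws01", "process_start", 4120, r"C:\Users\a\AppData\Local\Temp\p.exe"),
    # Benign look-alike: a backup script that zips logs and prunes an old archive.
    (200, "ws02", "script_start", 880, r"C:\ops\backup.bat"),
    (210, "ws02", "file_create", 880, r"C:\ops\out\logs.zip"),
    (215, "ws02", "file_delete", 880, r"C:\ops\out\old.zip"),
]]

if __name__ == "__main__":
    print(find_loader_chains(SAMPLE))
```

Only the ws01 script is flagged; the ws02 backup job writes a ZIP but never runs an executable it created, so it does not match.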
Symptoms of an active infection
When it has been activated, the MortalKombat Ransomware encrypts data and creates files with a certain extension.
Bitdefender has made available for download below a free universal decryptor that is compatible with the most recent version of MortalKombat:
Get the decryptor for MortalKombat here.
The decryptor can also be run from the command line in a completely silent mode. This is useful if you need to automate deployment of the tool across a large network.
The financially motivated ransomware targets the cryptocurrency wallets stored on the device and also checks the computer's clipboard for cryptocurrency wallet addresses. If such a clipboard entry is found, it is sent to the hacker's server, where a Clipper bot replaces it with a lookalike address that is actually held by the hacker.
Victims of the MortalKombat ransomware may now recover their data without paying the ransom thanks to the new decryptor. This is an important advance in the battle against ransomware, a menace that has grown more frequent for individuals as well as corporations.
The new tool that Bitdefender has released supports broader efforts to prevent cybercriminals from profiting from their illegal actions by reducing the likelihood that victims will be forced to pay ransoms. The availability of the decryptor also highlights how important it is to back up your data regularly and employ stringent security measures to defend yourself against ransomware attacks.