Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain

February 28, 2023 | Rabbi Lakshmanan


Romanian cybersecurity company Bitdefender has released a free decryption tool for a new ransomware variant called MortalKombat.

MortalKombat is a new ransomware that emerged in January 2023. It is based on a commodity ransomware called Xorist and has been observed in attacks targeting entities in the US, Philippines, UK, and Turkey.

Detected since 2010, Xorist has been distributed as a ransomware builder, allowing cyberthreat actors to create and customize their own versions of the malware.

This includes the ransom note, the file name of the ransom note, the list of file extensions targeted, the wallpaper used and the extension used in the encrypted files.

MortalKombat, notably, was deployed in recent attacks launched by unidentified, financially motivated attackers as part of a phishing campaign targeting a wide range of organizations.

“MortalKombat encrypts various files on the victim’s machine’s file system, including system, application, database, backup, and virtual machine files, as well as files on remote locations mapped as logical drives on the victim’s machine,” Cisco Talos said earlier this month.


The ransomware does not wipe or delete Volume Shadow Copies, but it corrupts Windows Explorer, disables the Run command window, and removes all applications and folders from Windows startup.

It has also been known to corrupt deleted files in the Recycle Bin folder, change file names and types, and modify the Windows registry to achieve persistence. The attackers behind the campaign and their operating model are still unknown.


“Based on the Xorist ransomware, MortalKombat spreads via phishing emails and targets exposed RDP instances,” said Bitdefender. “The malware is planted via the BAT loader, which also delivers the Laplas Clipper malware.”

MortalKombat isn’t the only Xorist variant to appear in the threat landscape over the past few months. In November 2022, Fortinet FortiGuard Labs revealed another version that leaves the ransom note in Spanish.

The development comes just over a month after Avast released a free decryptor for the BianLian ransomware, allowing victims of the malware to recover their locked files without paying the attackers.
