Cybersecurity company Bitdefender has recently announced the release of a new decryptor for the MortalKombat ransomware. The decryptor is now available for download and can help victims of the ransomware recover their encrypted files without paying the ransom.
What kind of malware is MortalKombat?
MortalKombat is ransomware our malware researchers have discovered while inspecting samples submitted to the VirusTotal website. It encrypts files, changes the desktop wallpaper, drops the “HOW TO DECRYPT FILES.txt” file, and modifies filenames. MortalKombat is based on Xorist ransomware.
MortalKombat appends the “Remember_you_got_only_24_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_Mortal_Kombat_Ransomware” extension to filenames. Victims will then see a ransom note titled “HOW TO DECRYPT FILES.txt.”
The ransom note says that victims must purchase a decryption program to recover access to their files. It instructs victims to contact the attackers via Tox chat (using the provided ID) or the email@example.com email address for payment instructions.
The extension MortalKombat appends to filenames contains a sentence (words separated by underscores) telling victims that they have 24 hours to pay the ransom, after which the price of the decryption tool will be tripled.
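To scope an infection before running a decryptor, the two file-system indicators described above (the appended extension and the ransom note name) can be inventoried per directory. The following Python script is an added example, not code from Bitdefender or the original article; the function names, the sample file names and the assumption that dots join the original name to the extension are illustrative.

```python
import os
import tempfile
from collections import defaultdict

# Both strings are quoted from the article. Matching is case-insensitive
# because Windows filenames are.
MARKER = ("Remember_you_got_only_24_hours_to_make_the_payment_if_you_dont_pay"
          "_prize_will_triple_Mortal_Kombat_Ransomware").lower()
NOTE_NAME = "HOW TO DECRYPT FILES.txt".lower()


def original_name(name):
    """Presumed pre-encryption name, or None if the file is not marked.

    Assumption: the marker is joined to the original name by one or more
    dots, which are stripped together with the marker.
    """
    if not name.lower().endswith(MARKER):
        return None
    return name[:-len(MARKER)].rstrip(".")


def scan(root):
    """Walk root; per directory, list marked files and note presence."""
    report = defaultdict(lambda: {"encrypted": {}, "note": False})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() == NOTE_NAME:
                report[dirpath]["note"] = True
            elif original_name(name) is not None:
                report[dirpath]["encrypted"][name] = original_name(name)
    return dict(report)


def build_sample(root):
    """Constructed sample tree: two marked files, one note, one clean file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("report.docx.." + MARKER, "Budget.XLSX." + MARKER.upper(),
                 "HOW TO DECRYPT FILES.txt", "untouched.pdf"):
        open(os.path.join(docs, name), "w").close()
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for directory, found in scan(tmp).items():
            print(directory, "note" if found["note"] else "no note")
            for marked, orig in sorted(found["encrypted"].items()):
                print("  ", marked, "->", orig)
```

The scan only reads directory listings, so it can be run against a mounted disk image or a read-only share without touching the encrypted files.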
The ransomware also disables the run command, corrupts Windows Explorer, and deletes contents from the startup menu. The malware downloader is also known to download Laplas Clipper, which replaces crypto wallet addresses in the clipboard with fraudulent imitations that lead to the hacker’s wallets. Most targets have been in the United States, but a few were in the UK, the Philippines, and Turkey.
Bitdefender’s new tool can help to prevent victims from having to pay the ransom and supports the wider effort to stop cyber criminals from profiting from their malicious activities. The availability of the decryptor underscores the importance of backing up files and implementing robust security measures to protect against ransomware attacks.
Users should always be careful regarding emails from unknown senders, especially ones carrying attachments or containing links promising payments. Messages asking about account information and other credentials are also suspect.