Bitdefender released a free decryptor for the MortalKombat Ransomware family

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat.

Good news for the victims of the recently discovered MortalKombat ransomware, the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Since December 2022, Cisco Talos researchers have been observing an unidentified financially motivated threat actor deploying two new malware, the MortalKombat ransomware and a GO variant of the Laplas Clipper malware.

The similarities in code, class name, and registry key strings, led the experts in assessing with high confidence that the MortalKombat ransomware belongs to the Xorist ransomware family.

Threat actors use a multi-stage attack chain that begins with a phishing email with a ZIP attachment containing a BAT loader script.

“Once executed, MortalKombat Ransomware encrypts data and generates files with a specific extension: ..Remember_you_got_only_24_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_Mortal_Kombat_Ransomware. It also changes the desktop wallpaper to give it a Mortal Kombat theme and generates a ransom note called HOW TO DECRYPT FILES.txt.” reads the post published by Bitdefender.

MortalKombat first appeared on the threat landscape in January 2023, it targets various files on the victim machine’s filesystem, such as system, application, database, backup, and virtual machine files, as well as files on the remote locations mapped as logical drives.

Unlike other ransomware families, MortalKombat did not show any wiper behavior or delete the volume shadow copies on the infected system. It corrupts Windows Explorer, removes applications and folders from Windows startup, and disables the Run command window, making the system inoperable.

The ransom note instructs the victim to contact the attacker through the qTOX instant messaging application.

Most of the victims are located in the U.S., but experts observed limited infections in the United Kingdom, Turkey, and the Philippines.

The tool released by Bitdefender works against the current version of MortalKombat, it can be downloaded here.

The company pointed out that the decryptor can also be executed silently via a command line, which can be useful to automate the deployment of the tool inside a large network.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.