Researchers Release MortalKombat Ransomware Decryptor
Victims of the MortalKombat ransomware variant have been handed a lifeline, after Bitdefender released a new decryption key on Tuesday.
The security firm said it had been monitoring MortalKombat since its appearance in January this year.
“Based on the Xorist ransomware, MortalKombat spreads through phishing emails and targets exposed RDP instances,” it explained. “The malware gets planted through the BAT Loader that also delivers the Laplas Clipper malware.”
In fact, it is the variant’s underlying Xorist codebase which is likely to have enabled the security researchers to provide a decryption key in record time. Xorist is a commodity ransomware family for which a decryptor has been available for several years.
Victims of MortalKombat had their data encrypted, and files were generated with an unusually long extension: “Remember_you_got_only_24_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_Mortal_Kombat_Ransomware.”
They also found the desktop wallpaper changed to a Mortal Kombat theme and a ransom note titled: “How to decrypt files.txt.”
Bitdefender said its decryptor could also be executed silently via a command line – particularly handy for organizations wanting to automate its deployment inside a large network.
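Before rolling a decryptor out across a network, responders usually want to know which hosts and directories were hit. The following is an added example, not Bitdefender's tool or code from the article: a read-only Python triage script that counts files carrying the extension quoted above and locates ransom notes. The function names, the report layout and the long-path check are assumptions made for illustration.

```python
import os
import sys
from collections import Counter

# Extension and ransom-note title as quoted in the article (compared case-insensitively).
MK_EXTENSION = ("Remember_you_got_only_24_hours_to_make_the_payment_if_you_dont_"
                "pay_prize_will_triple_Mortal_Kombat_Ransomware")
NOTE_NAME = "how to decrypt files.txt"
WINDOWS_MAX_PATH = 260  # classic Win32 limit; the 109-character extension can exceed it


def original_name(filename):
    """Return the pre-encryption file name, or None if the extension is absent."""
    suffix = "." + MK_EXTENSION.lower()
    if filename.lower().endswith(suffix) and len(filename) > len(suffix):
        return filename[:-len(suffix)]
    return None


def triage(root):
    """Summarise encrypted files and ransom notes under root, per directory."""
    encrypted, notes, long_paths, unreadable = Counter(), [], [], []
    for dirpath, _dirs, files in os.walk(
            root, onerror=lambda e: unreadable.append(e.filename)):
        for name in files:
            path = os.path.join(dirpath, name)
            if original_name(name) is not None:
                encrypted[dirpath] += 1
                if len(path) >= WINDOWS_MAX_PATH:
                    long_paths.append(path)  # may need long-path handling
            elif name.lower() == NOTE_NAME:
                notes.append(path)
    return {"encrypted": dict(encrypted), "notes": sorted(notes),
            "long_paths": sorted(long_paths), "unreadable": unreadable}


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, count in sorted(report["encrypted"].items()):
        print(f"{count:6d} encrypted file(s) in {directory}")
    for note in report["notes"]:
        print(f"ransom note: {note}")
    print(f"{len(report['long_paths'])} path(s) at or over {WINDOWS_MAX_PATH} "
          f"characters; {len(report['unreadable'])} unreadable directory(ies)")
```

The script only reads directory listings; it never opens, renames or modifies files, so it can be run before any recovery attempt without altering evidence.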
As reported by Infosecurity, the original MortalKombat threat actor was also observed dropping the Laplas Clipper clipboard stealer malware, to target cryptocurrency users.
“Laplas Clipper targets users by employing regular expressions to monitor the victim machine’s clipboard for their cryptocurrency wallet address,” said Cisco Talos in its original report on the campaign.
“Once the malware finds the victim’s wallet address, it sends it to the attacker-controlled Clipper bot, which will generate a lookalike wallet address and overwrite it to the victim’s machine’s clipboard. If victims subsequently attempt to use the lookalike wallet address while performing transactions, the result will be a fraudulent cryptocurrency transaction.”
Bitdefender’s latest decryption key announcement comes hot on the heels of a similar tool designed to help victims of the MegaCortex ransomware variant. That key was published in January this year, while a previous one, for the LockerGoga ransomware family, was released in September 2022.
Editorial credit icon image: Ralf Liebhold / Shutterstock.com