Bitdefender, a Romanian cybersecurity firm, has launched a free universal decryptor to combat the new file-encrypting malware MortalKombat. This ransomware strain is a new variant of Xorist and was discovered in January 2023. MortalKombat has targeted organizations globally, including in the United States, the United Kingdom, the Philippines, and Turkey.
Xorist is known to have been distributed as a ransomware builder since 2010, allowing cyber threat actors to create and personalize their own version of the malware.
This customization includes a ransom note, the name of the ransom note file, targeted file extensions, wallpaper, and file extension to be used on encrypted files. In May 2016, Emsisoft made a decryptor for Xorist available.
In recent attacks, MortalKombat was deployed as part of a phishing campaign by an unnamed financially motivated threat actor. It encrypts various files on the victim’s machine, including system, application, database, backup, and virtual machine files, as well as files on remote locations mapped as logical drives.
Although it doesn’t delete volume shadow copies or exhibit wiper behavior, it corrupts Windows Explorer, removes all apps and folders from Windows startup, and disables the Run command window.
The campaign’s actors and their operational model are currently unknown. MortalKombat also corrupts deleted files in the Recycle Bin folder, alters file names and types, and modifies the Windows Registry for persistence.
The release of Bitdefender’s free decryptor can be a significant help to those affected by the MortalKombat ransomware.