
Bitdefender releases MortalKombat ransomware decryptor

The MortalKombat ransomware only started delivering fatalities in December 2022, but a decryptor is already available.

David Hollingworth
Fri, 03 Mar 2023

Bitdefender released the decryptor today (2 March), along with directions on how to deploy the decryptor across a large network as well as on a single machine via the command-line interface.

The MortalKombat ransomware is a variant of the Xorist family, first revealed by Cisco’s Talos Intelligence group in February of this year. Attacks typically begin with a phishing email carrying a malicious zip file. The email comes from a fake CoinPayments address, informing users that a cryptocurrency transaction on that network has failed; the zip filename matches a transaction ID in the body of the email, tricking the recipient into opening the malicious file.

It’s a trick that really only works on frequent traders of cryptocurrencies, but they are a lucrative target.


The zip file contains either a GoLang variant of the Laplas Clipper malware — which can steal cryptocurrency from a target machine — or the MortalKombat ransomware, which can effectively do the same since the threat actor asks for bitcoin to decrypt the user’s system.
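The lure described above has two traits a mail pipeline can check for: a sender whose display name claims a brand but whose domain does not belong to it, and a zip attachment whose name is the very "transaction ID" quoted in the body. The Python below is an added example written for this article, not code from Bitdefender, Talos or the article itself; both sample messages are constructed, and `coinpayments.net` as the brand's legitimate sending domain is an assumption made only to illustrate the mismatch check.

```python
import email
import re
from email import policy

# Assumption: the brand's genuine sending domain(s). Anything else paired with
# the brand name in the display name is treated as impersonation.
LEGIT_BRAND_DOMAINS = {"coinpayments.net"}
BRAND_KEYWORD = "coinpayments"

# Assumption: a loose shape for transaction-ID-like tokens (12+ uppercase alphanumerics).
TX_ID_RE = re.compile(r"\b[A-Z0-9]{12,}\b")

# Constructed sample only: not a real message, sender address or transaction ID.
SAMPLE_LURE = """\
From: CoinPayments Support <noreply@coinpayments-notify.example>
To: trader@victim.example
Subject: Transaction failed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your transaction CPFX0000111122223333 could not be completed.
See the attached report for details.

--b1
Content-Type: application/zip; name="CPFX0000111122223333.zip"
Content-Disposition: attachment; filename="CPFX0000111122223333.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# Constructed benign sample: legitimate domain, no attachment.
SAMPLE_BENIGN = """\
From: CoinPayments <noreply@coinpayments.net>
To: trader@victim.example
Subject: Transaction completed
Content-Type: text/plain

Your transaction CPFX0000999988887777 has been confirmed.
"""


def find_lure_indicators(raw: str) -> list[str]:
    """Return human-readable indicators matching the described lure, empty if none."""
    msg = email.message_from_string(raw, policy=policy.default)
    indicators: list[str] = []

    # 1. Brand name in the display name, but the sender domain is not the brand's.
    from_hdr = msg["From"]
    for addr in (from_hdr.addresses if from_hdr is not None else ()):
        if BRAND_KEYWORD in addr.display_name.lower() and addr.domain.lower() not in LEGIT_BRAND_DOMAINS:
            indicators.append(f"brand in display name but sender domain is {addr.domain}")

    # 2. A zip attachment whose filename stem equals a transaction-ID-like token in the body.
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content() if body is not None else ""
    tokens = set(TX_ID_RE.findall(body_text))
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        stem, _, ext = fname.rpartition(".")
        if ext.lower() == "zip" and stem in tokens:
            indicators.append(f"zip attachment named after body token {stem}")

    return indicators


if __name__ == "__main__":
    for label, sample in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, find_lure_indicators(sample))
```

The two checks are deliberately independent: a message that trips only one still merits a closer look, while a message that trips both matches the full pattern the article describes.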

You can find the decryptor and how to use and deploy it, here.

What remains to be seen is if the developers of the ransomware — who are so far unidentified — will be able to work around this fix.

Last month, the US Cybersecurity and Infrastructure Security Agency released its own decryptor for the ESXiArgs ransomware, which at the time was growing to infect tens of thousands of systems worldwide. The decryptor was a useful tool for a time, until the creators of the original ransomware released a new variant that could encrypt more of a file, making recovery guides more difficult to implement.

“The timing of this update seems like a direct response to CISA’s decryptor and observations made by security researchers,” Censys said in a blog post. “They likely followed updates from the security community. They realised that researchers were tracking their payments, and they may have even known before they released the ransomware that the encryption process in the original variant was relatively easy to circumvent.”

“In other words: they are watching.”


David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
