Bogdan Botezatu, director of threat research and reporting at Bitdefender, would not say how they obtained the decryption keys they used to create the tool and noted that they will only be able to know the full scale of the attack campaign once victims start downloading the decryptor.
Botezatu said: “This is an emerging piece of ransomware that is still distributed at the moment of writing. We have seen blocked ransomware on computers located in the U.S. and UK. We believe that the attacker is targeting English-speaking countries at this point. We believe that the demanded ransom varies from infection to infection based on how important the ransomed data is to the user or to the business.”
Both Bitdefender and Cisco researchers found that similarities in code, among other things, indicate that the ransomware belongs to the Xorist family, which they said has existed in various forms since 2010.
Cisco said the ease with which the Xorist variants can be customized allows threat actors to build new variants with different names, encryption file extensions, and custom ransom notes.
They found a leaked version of the Xorist builder where the builder interface options closely resembled an actual Xorist ransomware builder interface, as shown in a report by PCrisk. The builder generates a ransomware executable file that the attackers can further customize, they said.
The actors behind MortalKombat typically spread the ransomware through phishing emails or target internet-exposed systems.
When executed, the malware changes the desktop wallpaper to a Mortal Kombat theme and generates a ransom note.
A Bitdefender spokesperson noted that the company has so far released 32 decryptors, including decryptors for GandCrab, Darkside, and a universal decryptor for REvil.