MortalKombat is a new line of ransomware that appeared earlier this year, and now has been released as a completely free decryption tool by security firm Bitdefender.
According to The Hacker News, Bitdefender – Romania’s cybersecurity company – has released a free decryptor for the new file encryption malware (ransomware) that has been around since early 2023, MortalKombat. This ransomware strain is based on Xorist malware and has been detected in attacks on the US, Philippines, UK, and Turkey.
Discovered in 2010, Xorist is distributed as a ransomware generator, allowing attackers to create and customize their own versions of malware such as ransom notes, filenames, and extension lists. Targeted files, wallpapers, and extensions are used on encrypted files. The decoder for Xorist was provided by Emsisoft in May 2016.
MortalKombat was deployed in recent attacks carried out by a threat actor as part of a phishing campaign against multiple organizations. Cybersecurity firm Cisco Talos describes MortalKombat encrypting various files on the victim’s system, from application system files, databases, backups, and virtual machines…
This ransomware doesn’t delete drive clones, but it corrupts Windows Explorer, disables the Run command window, and removes all applications and folders from the Windows startup process. It also corrupts deleted files in the Recycle Bin, changes names, and file types, modifies the Registry
Bitdefender said that based on Xorist, MortalKombat spreads through phishing emails and targets exposed computers via RDP. This ransomware isn’t the only Xorist variant to emerge in the past few months. In November 2022, Fortinet FortiGuard Labs published a version of the malware with a ransom note in Spanish.
Before Bitdefender, Avast also provided free decryptor for BianLian ransomware to help victims recover locked files without paying ransom