Security Affairs
Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware, the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom. Since December 2022, Cisco Talos researchers have been observing an unidentified financially […]

MortalKombat ransomware

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat.

Good news for the victims of the recently discovered MortalKombat ransomware, the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Since December 2022, Cisco Talos researchers have been observing an unidentified financially motivated threat actor deploying two new malware, the MortalKombat ransomware and a GO variant of the Laplas Clipper malware.

The similarities in code, class name, and registry key strings, led the experts in assessing with high confidence that the MortalKombat ransomware belongs to the Xorist ransomware family.

Threat actors use a multi-stage attack chain that begins with a phishing email with a ZIP attachment containing a BAT loader script.

“Once executed, MortalKombat Ransomware encrypts data and generates files with a specific extension: ..Remember_you_got_only_24_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_Mortal_Kombat_Ransomware. It also changes the desktop wallpaper to give it a Mortal Kombat theme and generates a ransom note called HOW TO DECRYPT FILES.txt.” reads the post published by Bitdefender.

MortalKombat first appeared on the threat landscape in January 2023, it targets various files on the victim machine’s filesystem, such as system, application, database, backup, and virtual machine files, as well as files on the remote locations mapped as logical drives. 

Unlike other ransomware families, MortalKombat did not show any wiper behavior or delete the volume shadow copies on the infected system. It corrupts Windows Explorer, removes applications and folders from Windows startup, and disables the Run command window, making the system inoperable.

MortalKombat ransomware

The ransom note instructs the victim to contact the attacker through the qTOX instant messaging application.

Most of the victims are located in the U.S., but experts observed limited infections in the United Kingdom, Turkey, and the Philippines.

The tool released by Bitdefender works against the current version of MortalKombat, it can be downloaded here.

The company pointed out that the decryptor can also be executed silently via a command line, which can be useful to automate the deployment of the tool inside a large network.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)