September 27, 2023

Bitdefender has released decryptor for MortalKombat ransomware variant. Victims can avail themselves of this lifeline to decrypt their data for free.

Like Xorist ransomware, MortalKombat spreads through phishing emails and targets exposed RDP instances. The malware gets planted through the BAT Loader, which also delivers the Laplas Clipper malware.


MortalKombat Ransomware is based on Xorist codebase, which is likely enabled to provide a decryption key in record time. Xorist is a commodity ransomware family for which a decryptor has been available for several years.

Victims had their data encrypted, and files were generated with an unusually long extension: “Remember_you_got_only_24_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_Mortal_Kombat_Ransomware.” They also found the desktop wallpaper changed to a Mortal Kombat theme and a ransom note titled: “How to decrypt files.txt.”

The original MortalKombat threat actor was also observed dropping the Laplas Clipper clipboard stealer malware to target cryptocurrency users.


Once the malware finds the victim’s wallet address, it sends it to the attacker-controlled Clipper bot, which will generate a lookalike wallet address and overwrite it to the victim’s machine’s clipboard and If victims subsequently attempt to use the lookalike wallet address while performing transactions, the result will be a fraudulent cryptocurrency transaction.

Thid latest decryption key release comes after a similar kind of tool designed to help victims of the MegaCortex ransomware variant that was published in January this year.

Leave a Reply

%d bloggers like this: