Bitdefender delivered a potential finishing move on the new MortalKombat ransomware.
The Romanian cybersecurity vendor published a free decryptor Tuesday for the current version of Mortal Kombat ransomware. BitDfender noted that the decryption tool can be run silently through a command line, which could facilitate automated deployment in a large network.
MortalKombat was first observed in January by Cisco Talos researchers, who documented the new ransomware strain in a report earlier this month. The ransomware takes its name from the popular fighting video game franchise "Mortal Kombat," which features finishing moves commonly known as "fatalities." The ransomware changes desktop wallpaper on infected systems to Mortal Kombat-themed images.
According to Cisco Talos, the ransomware was first deployed as part of a financially motivated campaign that also used a new GO version of the Laplas Clipper malware to steal cryptocurrency primarily from individuals and organizations in the U.S. Researchers also assessed with "high confidence" that MortalKombat is based on Xorist, an older ransomware family first detected in 2010.
Like Cisco Talos, Bitdefender warned that MortalKombat actors have used phishing emails and exposed remote desktop protocol instances to access targeted systems, and BatLoader malware to deliver the ransomware payload.
The MortalKombat decryptor is the latest such tool developed by Bitdefender, which also cracked versions of REvil and GandCrab ransomware. Ransomware decryption tools have become somewhat common in recent years, thanks to the work of security vendors such as Avast, Emsisoft and Kaspersky Lab, as well as government initiatives such as the No More Ransom project.
Rob Wright is a longtime technology reporter who lives in the Boston area.