Ransomware - MortalKombat

MortalKombat
Decryptor Available
Yes
Description

MortalKombat doesn't cause the same brutality that has been made famous by the fighting video game of the same name, which it uses as inspiration. Rather, the creators of this ransomware used the aging, leaked Xorist ransomware builder that has been pumping out variants since at least 2010. The builder allows users to use either an XOR cipher or the 128-bit version of the Tiny Encryption Algorithm (TEA-128). In this case, the creators of MortalKombat used the XOR cipher option.

Interestingly, the ransom note dropped by the ransomware hints that the authors used Cerber to create the ransomware. However, evidence and artifacts within the samples indicate that the ransomware was created using the Xorist builder. It's uncertain if the ransomware authors copied this from the Cerber variant of Xorist or if there is some code reuse from another ransomware named Cerber. BitDefender created a decryptor for this specific variant of Xorist, adding to the long list of decryptable ransomware created from the Xorist builder. When executed, the malware drops a traditional ransom note and then changes the victim's wallpaper to display the cover of the Mortal Kombat 11 Deluxe video game.

Ransomware Type
Crypto-Ransomware
First Seen
Last Seen
Extortion Types
Direct Extortion
Extortion Price Increases
Communication
Medium
Identifier
Tox
Encryption
Type
Other
Files
XOR
File Extension
<file name>.Remember_you_got_only_24_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_Mortal_Kombat_Ransomware
Ransom Note Name
HOW TO DECRYPT FILES.txt
Samples (SHA-256)
aab1afbc7706030c1b710c6ae0873fd22de1190604301d0df17e1acae972ef7c
e5f60df786e9da9850b7f01480ebffced3be396618c230fa94b5cbc846723553