The Romanian cybersecurity company Bitdefender has released a free decryption tool for MortalKombat, a months-old ransomware strain that mainly targets cryptocurrency users.
MortalKombat, which takes its name from the popular video game franchise, was first observed by Cisco Talos researchers in January. The researchers said that the financially motivated group behind it had been deploying the ransomware to steal cryptocurrency from victims in the United States, United Kingdom, the Philippines, and Turkey.
MortalKombat ransomware is typically spread via phishing emails in which attackers impersonate CoinPayments, a legitimate global cryptocurrency payment gateway. Once installed on the victim's machine, the malware searches for cryptocurrency wallets on the device and monitors the computer's clipboard for wallet addresses. If it finds a wallet address, it sends it to the attacker's server and replaces it with an address controlled by the attacker in an attempt to hijack future transactions.
Although MortalKombat has only been active for a few months, Bitdefender announced that it had released a free decryptor for it, allowing ransomware victims to recover their encrypted files at no cost.
Bitdefender said it has also been watching MortalKombat since January, but that the scale of the threat remains unknown.
“This is an emerging piece of ransomware that is still being distributed at the time of this writing,” said Bogdan Botezatu, director of threat research and reporting at Bitdefender. “We do not have enough data at this time to estimate the magnitude of the attack. We will be able to provide more data on victimology and geographic distribution once the existing victim pool downloads the tool and remediates the infections.”
Botezatu added that it's also unclear how much the hackers behind MortalKombat have extorted from their victims. “Once the encryption process is complete, there is no charge up front,” says Botezatu. “Instead, the victim is asked to download an encrypted chat client called qTox and contact the operator to negotiate payment in Bitcoin. We believe that the ransom demanded varies from infection to infection depending on how important the ransomed data is to the user or to the business.”
Bitdefender declined to say how it obtained the keys to create the MortalKombat decryptor or if it had the help of law enforcement.
To date, the cybersecurity company has released 32 decryptors, including those for GandCrab, Darkside, LockerGoga, MegaCortex, and REvil, and estimates that it has helped ransomware victims save some $1.600 billion in total.