Cybersecurity company Bitdefender has released a free MortalKombat ransomware decryptor that victims can use to restore their files without paying a ransom.

The release of a working decryptor for this strain comes very soon after its initial appearance in January 2023, when Cisco Talos reported that it primarily targeted systems in the United States.

MortalKombat distributors target random users with emails carrying malicious ZIP attachments that contain BAT loader scripts. When the script is launched, it downloads the ransomware binary and the Laplas Clipper and executes them on the system.

This rapid cracking is probably because MortalKombat is based on Xorist, a family of basic ransomware that has been decryptable since 2016.

The MortalKombat decryptor is a standalone executable that does not require installation on infected devices. It offers to scan the entire file system to locate MortalKombat-infected files, but the user can also point it at a specific location where encrypted data is saved.

The software also allows users to create a backup of the encrypted files so that they don’t end up with corrupted and unrecoverable data in case something goes wrong with the decryption process.

Bitdefender’s decryptor for MortalKombat ransomware (Computer Beep)

Additionally, there is an option to replace previously decrypted files, products of partially successful decryption attempts, with new, clean versions.

Bitdefender's announcement also highlights the tool's ability to run from the command line, making it suitable for businesses that may need to conduct mass decryption projects over large networks or data recovery on corrupt operating systems.

An example of a standard command line for the decryptor would be “BDmortalKombatDecryptTool.exe start -full-scan -replace-existing”, which causes the decryptor to scan the entire file system and overwrite existing files with clean versions.

It should be noted that the MortalKombat ransomware operator has been observed dropping a copy of the Laplas clipboard hijacker on target machines in many cases. So, if you are dealing with a MortalKombat infection, you should also scan your system for Laplas remnants.

Bitdefender's decryptor cannot locate and remove Laplas files, as it is a separate malware infection that can be detected using general-purpose anti-virus software.

To minimize the risk of ransomware and malware infection, avoid downloading files from obscure sources or attachments from unsolicited emails.


