A new ransomware strain known as MortalKombat has emerged, targeting Windows systems in the United States. This ransomware strain, which was first discovered by threat researchers in January 2023, has been named after the popular fighting video game, Mortal Kombat. The ransomware strain shares similarities with an old ransomware family known as Xorist, which first emerged in 2010 and targets Windows systems.

Clever, but not that clever

The MortalKombat ransomware is not very sophisticated and targets not only files but also system files and applications. It has the ability to corrupt Windows Explorer, remove applications and folders from Windows, and encrypt all the files onboard a victim’s computer, including virtual machine files and files in the recycle bin. However, MortalKombat does not show any wiper behavior or delete the volume shadow copies on the victim’s machine.

One of the most concerning features of the MortalKombat ransomware is its add-on of Laplas, which has the ability to steal cryptocurrency by replacing the crypto address on the victim’s computer. This feature makes MortalKombat even more dangerous, as it not only encrypts a victim’s files but also steals their cryptocurrency.

According to Cisco Talos, the security firm that discovered MortalKombat, the ransomware can wipe off the data of the victim if they fail to pay the demanded ransom on time. The researchers also note that little is known about the developers and operating model of the ransomware strain.

Ransomware note is normally displayed with Mortal Kombat art

The MortalKombat ransomware is spread through phishing emails and malicious downloads. Once the ransomware enters a system, it will begin to encrypt all the files on the computer, and a ransom note will be displayed. The ransom note/wallpaper that accompanies MortalKombat includes art from the Mortal Kombat franchise.

The ransom note instructs the victim to pay a certain amount of cryptocurrency within a specific time frame to receive the decryption key. The amount demanded varies, but it is typically around $500 in Bitcoin or other cryptocurrencies.

Victims of the MortalKombat ransomware are advised not to pay the ransom demanded by the attackers, as there is no guarantee that the attackers will provide the decryption key or release the files. Furthermore, by paying the ransom, victims are only funding the attackers’ criminal activities.

Instead, victims are advised to contact their local law enforcement agency or cybersecurity experts to assist in the recovery of their files. They can also use backup files or data recovery software to restore their files.

To prevent falling victim to the MortalKombat ransomware, users are advised to practice safe browsing habits, including being cautious when opening email attachments or clicking on links. They should also ensure their antivirus software is up to date, and their systems are regularly backed up.