(Image credit: iStock)
Bitdefender, a cybersecurity firm, has released a free MortalKombat ransomware decryptor that victims can use to restore their files without having to pay a ransom. The release of a working decryptor for the specific strain follows its original appearance in January 2023, when Cisco Talos stated that it was primarily targeting systems in the United States.
MortalKombat distributors send emails containing malicious ZIP files containing BAT loader scripts to random users. When the script is run, it will download and activate the ransomware binary as well as the Laplas Clipper on the system. This rapid breaking is most likely due to MortalKombat's use of Xorist, a commodity ransomware family that has been decryptable since 2016.
The MortalKombat decryptor is a stand-alone executable that does not need to be installed on compromised devices. It offers to scan the complete filesystem for MortalKombat-infected files, but the user can also specify a particular location containing backed-up encrypted data.
Users can also make backups of encrypted files so that they don't end up with corrupted and irrecoverable data if the decryption process fails. Furthermore, there is an option to replace previously decrypted files with new, clean versions, which are the result of partly successful decryption efforts.
Bitdefender's MortalKombat ransomware decryptor (BleepingComputer)
Bitdefender's announcement also emphasises the tool's ability to operate from the command line, making it suitable for businesses that may need to perform mass-decryption projects on large networks or data recovery on corrupted operating systems.
The decryptor's standard command-line example is "BDMortalKombatDecryptTool.exe start -full-scan -replace-existing", which forces the decryptor to scan the complete filesystem and overwrite existing files with clean versions.
It should be noted that in many instances, the MortalKombat ransomware operator was seen dropping a copy of the Laplas clipboard hijacker on the target computers. If you have a MortalKombat infection, you should also check your system for Laplas remains.
Because Laplas is a separate malware infection that can be detected using general-purpose antivirus software, Bitdefender's decryptor cannot find and remove it. Avoid downloading files from unknown sources or attachments from unsolicited emails to reduce the risk of ransomware and malware attacks.
Please do not enter any spam link in the comment box.