Security News > 2023 > February > New ‘MortalKombat’ ransomware targets systems in the U.S.
Hackers conducting a new financially motivated campaign are using a variant of the Xortist commodity ransomware named 'MortalKombat,' together with the Laplas clipper in cyberattacks.
As for MortalKombat, Cisco Talos says the new ransomware is based on the Xorist commodity ransomware family, which utilizes a builder that lets threat actors customize the malware.
MortalKombat is a Xorist ransomware variant first discovered in January 2023, named after the popular fighting video game and featuring a ransom note/wallpaper that includes art from the franchise.
Talos analysts report that the particular ransomware isn't very sophisticated as it will target system files and applications too, which are commonly avoided to prevent the system from becoming unstable.
The attacker also provides a ProtonMail email address if the victim has trouble registering a new account on qTOX. Although MortalKombat does not feature wiper functionality, it corrupts system folders like the Recycle Bin so that the victims cannot retrieve files from there, disables the Windows Run command window, and removes all entries from Windows startup.
Cisco's analysts do not know what the operational model of MortalKombat ransomware is, and whether it is the custom strain of a lone threat actor or is sold to other cybercriminals like Laplas.