Security News > 2023 > February > Cryptocurrency users in the US hit by ransomware and Clipper malware
A new attack campaign launched by an unknown threat actor targets the U.S. with two malware families: MortalKombat ransomware and Laplas Clipper.
Figure A. Once executed, the loader downloads another ZIP file from a server belonging to the attackers' infrastructure, whose content might be MortalKombat ransomware or Laplas Clipper malware.
All encrypted files receive a new file extension - Remember you got only 24 hours to make the payment if you dont pay prize will triple Mortal Kombat Ransomware - and the same ransom note file is created in every folder where files are encrypted.
The Cisco Talos researcher found similarities between MortalKombat ransomware and a much older ransomware dubbed Xorist, which appeared in 2010 and has been widely used to create ransomware variants.
A particular Alcmeter registry key string and a ClassName string X0r157 are markers of the Xorist ransomware and have been found in the code of the MortalKombat ransomware.
The Laplas Clipper malware version Cisco Talos found was developed in the Go programming language, but previous versions have used other languages including VB.NET. The malware embeds encrypted strings that are decrypted in the initial phase of execution of the malware.
News URL
https://www.techrepublic.com/article/cryptocurrency-users-ransomware-malware/
Related news
- Ransomware fiends boast they've stolen 1.4TB from US pharmacy network (source)
- US charges Phobos ransomware admin after South Korea extradition (source)
- Phobos ransomware administrator faces US cybercrime charges (source)
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
- US government, energy sector contractor hit by ransomware (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)