Cryptocurrency users in the US hit by ransomware and Clipper malware (Security News, February 2023)

A new attack campaign launched by an unknown threat actor targets the U.S. with two malware families: MortalKombat ransomware and Laplas Clipper.
Figure A. Once executed, the loader downloads another ZIP file from a server belonging to the attackers' infrastructure, whose content might be MortalKombat ransomware or Laplas Clipper malware.
All encrypted files receive a new file extension, "Remember you got only 24 hours to make the payment if you dont pay prize will triple Mortal Kombat Ransomware", and the same ransom note file is created in every folder where files are encrypted.
The Cisco Talos researcher found similarities between MortalKombat ransomware and a much older ransomware dubbed Xorist, which appeared in 2010 and has been widely used to create ransomware variants.
A particular Alcmeter registry key string and a ClassName string X0r157 are markers of the Xorist ransomware and have been found in the code of the MortalKombat ransomware.
The Laplas Clipper malware version Cisco Talos found was developed in the Go programming language, but previous versions have used other languages including VB.NET. The malware embeds encrypted strings that are decrypted in the initial phase of execution of the malware.
News URL: https://www.techrepublic.com/article/cryptocurrency-users-ransomware-malware/