Key

Cybersecurity company Bitdefender has released a free MortalKombat ransomware decryptor that victims can use to restore their files without paying a ransom.

The release of a working decryptor for the particular strain comes very soon after its initial appearance in January 2023, when Cisco Talos reported that it was predominately targeting systems in the United States.

MortalKombat distributors target random users with emails containing malicious ZIP attachments containing BAT loader scripts. When the script is launched, it will download the ransomware binary and the Laplas Clipper and execute them on the system.

This quick cracking is likely because MortalKombat is based on Xorist, a commodity ransomware family decryptable since 2016

The MortalKombat decryptor is a standalone executable that needs no installation on infected devices. It offers to scan the entire filesystem to locate files infected by MortalKombat, but the user may also define a specific location holding backed-up encrypted data.

The software also allows users to create a backup of encrypted files so they don't end up with corrupted and irrecoverable data if something goes wrong with the decryption process.

MortalKombat decryptor
Bitdefender's decryptor for MortalKombat ransomware (BleepingComputer)

Moreover, there’s an option to replace previously decrypted files, products of partially successful decryption attempts, with new, clean versions.

Bitdefender's announcement also highlights the tool's capability to run from the command line, which makes it suitable for companies that may need to conduct mass-decryption projects on large networks or data recovery on corrupted operating systems.

A standard command-line example for the decryptor would be “BDMortalKombatDecryptTool.exe start -full-scan -replace-existing”, which causes the decryptor to scan the entire filesystem and overwrite existing files with clean versions.

It should be noted that the operator of MortalKombat ransomware was observed dropping a copy of the Laplas clipboard hijacker on the target machines in many cases. So, if you are dealing with a MortalKombat infection, you should also scan your system for Laplas remnants.

Bitdefender's decryptor cannot locate and uproot Laplas files, as this is a separate malware infection that can be detected using general-purpose antivirus software.

To minimize the risk of ransomware and malware infections, avoid downloading files from obscure sources or attachments from unsolicited emails.

Related Articles:

LockBit ransomware secretly building next-gen encryptor before takedown

Critical infrastructure software maker confirms ransomware attack

Free Rhysida ransomware decryptor for Windows exploits RNG flaw

Online ransomware decryptor helps recover partially encrypted files

INC Ransom threatens to leak 3TB of NHS Scotland stolen data