Fatality: ‘Mortal Kombat’ Ransomware Targets Windows Systems in US

Hackers have decided to incorporate the video game Mortal Kombat into a new ransomware attack that’s been targeting Windows computers in the US. 

Since last month, the ransomware has been spotted targeting individual users, small businesses, and large companies, according(Opens in a new window) to a report from Cisco’s Talos cybersecurity division. 

Infected computers will generate a ransom note that features a wallpaper image from the game Mortal Kombat 11.  The same note will demand victims contact the hackers through an instant messaging app and pay up in Bitcoin to free the computer. 

(Credit: Cisco Talos)

Hackers are currently delivering the ransomware through phishing emails that impersonate the cryptocurrency platform CoinPayments. The email will claim the user’s cryptocurrency payment “timed out” while including a malicious ZIP file in the attachment.

The malicious ZIP file will contain “a filename resembling a transaction ID mentioned in the email body, enticing the recipient to unzip the malicious attachment and view the contents,” Cisco Talos notes. But in reality, the contents of the ZIP can trigger a computer to download the Mortal Kombat ransomware or another malware strain known as Laplas Clipper, which is designed to steal cryptocurrency from a victim’s digital wallet.

(Credit: Cisco Talos)

The Mortal Kombat ransomware will then encrypt all the files onboard a victim’s computer, including virtual machine files and files in the recycle bin.

“MortalKombat did not show any wiper behavior or delete the volume shadow copies on the victim’s machine. Still, it corrupts Windows Explorer, removes applications and folders from Windows startup, and disables the Run command window on the victim’s machine, making it inoperable,” Cisco Talos says. 

Laplas Clipper, on the other hand, will monitor the clipboard of an infected computer for any cryptocurrency wallet addresses. “Once the malware finds the victim’s wallet address, it sends it to the attacker-controlled Clipper bot, which will generate a lookalike wallet address and overwrite it to the victim’s machine’s clipboard,” Cisco Talos said.

Hence, the next time the victim transfers funds to their cryptocurrency wallet, they’ll have been duped into sending it to the hacker’s lookalike wallet. 

(Credit: Cisco Talos)

“Talos continues to see attack campaigns targeting individuals, small businesses, and large organizations that aim to steal or demand ransom payments in cryptocurrency,” the cybersecurity division adds. So to stay safe, potential targets should be on guard against phishing emails, install strong antivirus, and create offline backups to critical systems and files. 

The report adds that the Mortal Kombat ransomware, although new, shares similarities with an old ransomware family known as Xorist, which first emerged in 2010 and targets Windows systems.