"New 'MortalKombat' Ransomware Targets Systems in the US"

In a new financially driven cyberattack campaign, hackers are using a variant of the Xorist commodity ransomware named 'MortalKombat' along with the Laplas clipper. Both malware infections are used to carry out financial fraud, with the ransomware extorting victims and Laplas hijacking cryptocurrency transactions to steal cryptocurrency. Last year, Laplas was released, acting as a cryptocurrency hijacker that monitors the Windows clipboard for cryptocurrency addresses and, if detected, replaces them with ones under the attacker's control. Regarding MortalKombat, Cisco Talos reports that the new ransomware is based on the Xorist commodity ransomware family, which uses a builder to allow threat actors to modify the malware. Since 2016, Xorist has been decryptable for free. The majority of the victims of the attacks seen by Talos researchers were located in the US, with others in the UK, Turkey, and the Philippines. This article continues to discuss findings surrounding the new MortalKombat ransomware.

Bleeping Computer reports "New 'MortalKombat' Ransomware Targets Systems in the US"