New ransomware targets systems in the U.S.

vtqhtr413

Hackers conducting a new financially motivated campaign are using a variant of the Xorist commodity ransomware named 'MortalKombat,' together with the Laplas clipper in cyberattacks. Both malware infections are used to conduct financial fraud, with the ransomware used to extort victims to receive a decryptor and Laplas to steal cryptocurrency by hijacking crypto transactions. Laplas is a cryptocurrency hijacker released last year that monitors the Windows clipboard for crypto addresses and, when found, substitutes them for addresses under the attacker's control. As for MortalKombat, Cisco Talos says the new ransomware is based on the Xorist commodity ransomware family, which utilizes a builder that lets threat actors customize the malware. Xorist has been decryptable for free since 2016.
 
Although the ransomware portion is rather a yawner, the extension of encrypted files was different:
photo.JPG..Remember_you_got_only_24_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_Mortal_Kombat_Ransomware
 
Almost all ransomware attacks can be easily prevented (especially at home) by standard AV + shortcut/script restrictions and MS Office hardening. The real problem can be when people intentionally download pirated content or try to find something fortunate/rare/uncommon on the Internet. In the first case, one can expect that the protection will complain so it is possible that the protection will be intentionally decreased/ignored. In the second case, one can be a victim of fake web pages with malicious content - the fake web pages will be high on Google search results.
In both cases, the attack can work because the victim believes that the detection/block is most probably a false positive.

Of course, there are some other possibilities for infections (malvertising, phishing, etc.), but the chances are relatively much lower, especially when users do not decrease the protection.
 