U.S. organizations have fallen victim to the new MortalKombat ransomware

    Numerous organizations in the US, UK, Turkey and the Philippines have been targeted by a new ransomware program that cybersecurity researchers have dubbed MortalKombat.

    Cisco Talos experts are tracking an unidentified group that deployed MortalKombat and also developed a new cryptocurrency-stealing malware called Laplas Clipper. Most of the victims of the campaign were in the US. Cisco researchers linked two URLs to the campaign, one of which leads to a C2 server in Poland.

    MortalKombat was first discovered in January 2023, and nothing is known about its developers or operating model at this time. According to analysts, the name of the ransomware and the wallpaper it drops on the victim system are a reference to the Mortal Kombat media franchise.

    The ransomware encrypts various files on the victim's system:

    • system files;
    • application files;
    • database files, backups and virtual machines;
    • files in remote locations that appear as logical drives.

    According to a Cisco Talos report, the ransomware group is scanning the Internet for organizations that have left RDP open. As a result, the victims of the attacks were individuals, small businesses and large organizations.

    Other attacks in the campaign start with phishing emails accompanied by a ZIP archive. When the archive is opened, the Laplas Clipper malware or the MortalKombat ransomware is deployed and then removed to cover the attackers' tracks and make analysis difficult.

    In one email, hackers posed as crypto-currency platform CoinPayments. In the email, the ZIP archive allegedly contained information about a specific transaction, prompting the victim to open it. When the archive is opened, MortalKombat starts, changes the wallpaper of the victim's computer, crashes Windows Explorer, and removes some applications.

    Code similarity, among other resemblances, indicates that the ransomware belongs to the Xorist family, which has existed since 2010, the researchers said. Xorist is easy to customize, which allows cybercriminals to create new variants with different names, file extensions, and ransom notes.

    Along with MortalKombat, researchers found Laplas Clipper malware, which they previously identified in a November 2022 attack. Unlike standard clippers, which simply change the recipient's copied wallet address to the attacker's, Laplas Clipper uses an address very similar to the one the user copied. This process takes place on the attacker's server, so the exact mechanism remains unknown.
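The look-alike substitution described above can be checked on the defender's side by comparing the address that was copied with the one about to be pasted. The following is an added example, not code from Cisco Talos or from the original article: the addresses are constructed placeholders, and the `MIN_AFFIX` threshold and all function names are assumptions chosen for illustration. It looks only at the outcome of the swap, since the article notes the generation mechanism itself is unknown.

```python
# Added example: compare a copied wallet address with the one about to be pasted.
# All addresses are constructed placeholders; MIN_AFFIX is an assumed threshold.
SCHEME_PREFIXES = ("bc1q", "bc1p", "0x")  # fixed per-format prefixes, not evidence
MIN_AFFIX = 3

COPIED = "bc1q7k2m" + "a" * 30 + "9f4d"
LOOKALIKE = "bc1q7k2m" + "z" * 30 + "9f4d"  # same head and tail, different middle
UNRELATED = "bc1qw8ta" + "y" * 30 + "m3px"


def body(addr):
    """Drop the format prefix so it does not count as a resemblance."""
    for p in SCHEME_PREFIXES:
        if addr.startswith(p):
            return addr[len(p):]
    return addr


def shared_affix(a, b):
    """Lengths of the common prefix and common suffix, never overlapping."""
    prefix = 0
    for x, y in zip(a, b):
        if x != y:
            break
        prefix += 1
    suffix = 0
    for x, y in zip(reversed(a), reversed(b)):
        if x != y:
            break
        suffix += 1
    return prefix, min(suffix, min(len(a), len(b)) - prefix)


def classify_paste(copied, pasted):
    """Return (verdict, shared_prefix_len, shared_suffix_len)."""
    copied, pasted = copied.strip(), pasted.strip()
    prefix, suffix = shared_affix(body(copied), body(pasted))
    if copied == pasted:
        return "match", prefix, suffix
    if prefix + suffix >= MIN_AFFIX:
        return "lookalike-swap", prefix, suffix
    return "swap", prefix, suffix


if __name__ == "__main__":
    for pasted in (COPIED, LOOKALIKE, UNRELATED):
        print(classify_paste(COPIED, pasted))
```

A "lookalike-swap" verdict is the case where checking only the first and last few characters of a pasted address would miss the change, so the whole string has to be compared.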

    At the end of October, the number of Laplas Clipper samples went from 20 to 55 per day in about a week. The researchers then concluded that Laplas Clipper is distributed through Smoke Loader and Raccoon Stealer, which indicates the increased attention of the cybercriminal community to this program. The developers of MortalKombat and Laplas Clipper have stated on Telegram that they are making new variants of Laplas Clipper and plan to release updates in the coming months.

    Author DeepWeb