Romanian cybersecurity firm Bitdefender has released a free decryption tool for MortalKombat, a months-old strain of ransomware targeting predominantly cryptocurrency users.
MortalKombat, named after the popular video game franchise, was first observed by Cisco Talos researchers in January. The researchers said that the financially motivated gang had been deploying the ransomware to steal cryptocurrency from victims in the United States, the United Kingdom, the Philippines and Turkey.
The MortalKombat ransomware is typically spread via phishing emails in which the attackers impersonate CoinPayments, a legitimate global cryptocurrency payment gateway. Once installed on a victim’s machine, the malware seeks out cryptocurrency wallets on the device and monitors the computer’s clipboard for wallet addresses. If a wallet address is found, the address is sent to the attacker’s server and substituted with an attacker-controlled address in an attempt to hijack future transactions.
Though it’s only been active for a few months, Bitdefender on Tuesday announced that it had released a free decryptor for MortalKombat, enabling victims of the ransomware to unscramble their encrypted files for free.
Bitdefender tells TechCrunch that it has also been observing the MortalKombat since January, but said the magnitude of the threat remains unknown.
“This is an emerging piece of ransomware that is still distributed at the moment of writing,” Bogdan Botezatu, director of threat research and reporting at Bitdefender, told TechCrunch. “We don’t have sufficient data at this point to estimate the magnitude of the attack. We will be able to offer more data about victimology and geographic distribution once the existing pool of victims download the tool and remediate infections.”
Botezatu added that it’s also unclear how much the hackers behind MortalKombat have extorted from its victims. “There is no upfront fee once the encryption process is finished,” Botezatu said. “Instead, the victim is instructed to download an encrypted chat client called qTox and get in touch with the operator to negotiate a Bitcoin payment. We believe that the demanded ransom varies from infection to infection based on how important the ransomed data is to the user or to the business.”
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Bitdefender declined to say how it obtained the keys to create the MortalKombat decryptor or whether it was assisted by law enforcement.
To date, the cybersecurity company has released 32 decryptors, including ones for GandCrab, Darkside, LockerGoga, MegaCortex and REvil, and estimates that it’s helped to save ransomware victims some $1.6 billion in total.
Read more:
