Ransomware scammers in the US have incorporated the classic gore-filled videogame Mortal Kombat into their latest attempts to relieve unlucky victims of their bitcoin.
As reported by PCMag, the attack targeted Windows computers via emails purporting to be from crypto wallet and payment platform CoinPayments. The emails informed users that their attempted payments “timed out” before a malicious ZIP file locked their computers and presented a Mortal Kombat-themed ransom note.
This note directed them to a messaging app through which they could contact the attackers and pay the bitcoin needed to unlock their files.
According to communication giant Cisco’s cybersecurity division Talos, the attack targeted all types of users, from large corporations to individuals.
In a report, Talos said, “MortalKombat did not show any wiper behavior or delete the volume shadow copies on the victim’s machine. Still, it corrupts Windows Explorer, removes applications and folders from Windows startup, and disables the Run command window on the victim’s machine, making it inoperable,” (via PCMag).
According to Talos, the malicious ZIP file used also carried another piece of malware called Laplas Clipper, designed to drain victims’ crypto wallets.
“Laplas Clipper will monitor the clipboard of an infected computer for any cryptocurrency wallet addresses,” said the Talos report.
“Once the malware finds the victim’s wallet address, it sends it to the attacker-controlled Clipper bot, which will generate a lookalike wallet address and overwrite it to the victim’s machine’s clipboard.”
The scam has been running since December and also targeted users in the UK, Turkey, and the Philippines.