MortalKombat doesn't cause the same brutality that has been made famous by the fighting video game of the same name, which it uses as inspiration. Rather, the creators of this ransomware used the aging, leaked Xorist ransomware builder that has been pumping out variants since at least 2010. The builder allows users to use either an XOR cipher or the 128-bit version of the Tiny Encryption Algorithm (TEA-128). In this case, the creators of MortalKombat used the XOR cipher option.
Interestingly, the ransom note dropped by the ransomware hints that the authors used Cerber to create the ransomware. However, evidence and artifacts within the samples indicate that the ransomware was created using the Xorist builder. It's uncertain if the ransomware authors copied this from the Cerber variant of Xorist or if there is some code reuse from another ransomware named Cerber. BitDefender created a decryptor for this specific variant of Xorist, adding to the long list of decryptable ransomware created from the Xorist builder. When executed, the malware drops a traditional ransom note and then changes the victim's wallpaper to display the cover of the Mortal Kombat 11 Deluxe video game.
