U.S. organizations have been the primary target of the novel MortalKombat ransomware but entities in the U.K., Turkey, and the Philippines have also been compromised by the ransomware strain, which was initially discovered last month, reports The Record, a news site by cybersecurity firm Recorded Future. MortalKombat ransomware operators have developed the ransomware to facilitate the encryption of different files, as well as scanning for organizations with exposed remote desktop protocols to enable attacks against major enterprises, small businesses, and individuals, according to a report from Cisco Talos. Phishing emails have also been employed by the attackers to spread the ransomware or the Laplas Clipper malware, which they also developed. Researchers also found code similarities between MortalKombat and the Xorist ransomware family. "The ease with which the Xorist variants can be customized allows threat actors to build new variants with different names, encryption file extensions, and custom ransom notes. Talos found a leaked version of the Xorist builder where the builder interface options closely resembled an actual Xorist ransomware builder interface, as shown in a report by PCrisk. The builder generates a ransomware executable file that the attackers can further customize," said researchers.