Star Trek-Themed ‘Kirk’ Ransomware Beams Down With 'Spock' Decryptor

Set phasers to stun! New ransomware is making the rounds today, and it is adopting a Star Trek theme. Avast researcher Jakub Kroustek is credited with tracking down the Kirk ransomware, which wreaks havoc by encrypting your precious files and demanding payment to get those files back.

Unlike other ransomware, which often demands payment in the form of Bitcoins, Kirk instead insists that you fork over Monero, a cryptocurrency that is based on the CryptoNote protocol. According to BleepingComputer, this is the first ransomware to be tied to Monero.


“The problem is that [Monero] is only going to confuse victims even more,” writes BleepingComputer. “By introducing a new cryptocurrency into the mix, victims are just going to become more confused and make paying ransoms even more difficult.”

Kirk finds its way onto PCs by disguising itself as a popular network stress testing application called Low Orbit Ion Cannon (LOIC). After the disguised executable (which carries the filename loic_win32.exe) is launched, Kirk generates an AES password and uses it to encrypt files on the target PC; the password itself is encrypted with an RSA-4096 public key.

Kirk currently will encrypt 625 different file types, and will append .kirk to the end of any file that matches.


So, how do you get your files back? Well, the ransom is 50 Monero (just over $1,100) if you pay within two days. If the ransom is not paid within that two-day time frame, the ransom doubles to 100. It doubles again to 200 during days 8 through 14, and rises to 500 Monero on days 15 through 30. If you haven’t paid the ransom after 31 days, the password decryption key is permanently deleted — that also means that your files will boldly go where no man has gone before.

If you do choose to pay the ransom, the Star Trek references continue, as you will [allegedly] be provided with a program called “Spock” that will decrypt your files.

No Kirk infections have been reported at this time, but be careful out there lest you become the first redshirt to bite the dust.

(Images Courtesy: Jakub Kroustek/Twitter)

