Star Trek-Themed ‘Kirk’ Ransomware Beams Down With 'Spock' Decryptor

Set phasers to stun! New ransomware is making the rounds today, and it is adopting a Star Trek theme. Avast researcher Jakub Kroustek is credited with tracking down the Kirk ransomware, which wreaks havoc by encrypting your precious files and demanding payment to get those files back.

Unlike other ransomware, which often demands payment in the form of Bitcoins, Kirk instead insists that you fork over Monero, a cryptocurrency that is based on the CryptoNote protocol. According to BleepingComputer, this is the first ransomware to be tied to Monero.


“The problem is that [Monero] is only going to confuse victims even more,” writes BleepingComputer. “By introducing a new cryptocurrency into the mix, victims are just going to become more confused and make paying ransoms even more difficult.”

Kirk finds its way onto PCs by disguising itself as a popular network stress testing application called Low Orbit Ion Cannon (LOIC). After the fake LOIC (which carries the filename loic_win32.exe) is launched, Kirk generates an AES password that it uses to encrypt files on the target PC. That password is itself encrypted with an RSA-4096 public key.

Kirk currently will encrypt 625 different file types, and will append .kirk to the end of any file that matches.
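For responders, the two file-name indicators mentioned above (the appended .kirk extension and the loic_win32.exe filename) can be swept for on a suspect volume. The following Python sketch is an added example, not code from the article or from the researchers it cites; the function names and the sample directory tree are hypothetical, and the sample files are empty placeholders constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

KIRK_SUFFIX = ".kirk"            # extension the article says is appended
DROPPER_NAME = "loic_win32.exe"  # filename the article gives for the fake LOIC


def sweep(root):
    """Walk root and collect the two file-name indicators named in the article."""
    encrypted, droppers = [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(KIRK_SUFFIX) and len(name) > len(KIRK_SUFFIX):
                encrypted.append(path)
            elif lower == DROPPER_NAME:
                droppers.append(path)
    return encrypted, droppers


def summarize(encrypted):
    """Count affected files per original extension and find the earliest mtime."""
    by_ext = Counter()
    first_seen = None
    for path in encrypted:
        original = path.name[: -len(KIRK_SUFFIX)]   # name before ".kirk" was appended
        by_ext[Path(original).suffix.lower() or "(none)"] += 1
        try:
            mtime = path.stat().st_mtime
        except OSError:
            continue                                # file vanished or is unreadable
        first_seen = mtime if first_seen is None else min(first_seen, mtime)
    return by_ext, first_seen


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    for rel in ("docs/report.docx.kirk", "docs/notes.txt", "pics/a.JPG.KIRK",
                "pics/b.jpg.kirk", "tools/loic_win32.exe", "kirk.txt"):
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits, droppers = sweep(tmp)
        counts, first = summarize(hits)
        print(len(hits), "files with .kirk appended;", dict(counts))
        print("possible dropper:", [str(p) for p in droppers])
```

The earliest modification time among the .kirk files is only a rough estimate of when encryption began, and a file named loic_win32.exe is a lead to examine rather than proof of infection, since the name alone does not distinguish the trojanized copy.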


So, how do you get your files back? Well, the ransom is 50 Monero (just over $1,100) if you pay within two days. If the ransom is not paid within that two-day time frame, the ransom doubles to 100. It doubles again to 200 during days 8 through 14, and rises to 500 Monero on days 15 through 30. If you haven’t paid the ransom after 31 days, the password decryption key is permanently deleted — that also means that your files will boldly go where no man has gone before.

If you do choose to pay the ransom, the Star Trek references continue, as you will [allegedly] be provided with a program called “Spock” that will decrypt your files.

No Kirk infections have been reported at this time, but be careful out there lest you become the first redshirt to bite the dust.

(Images Courtesy: Jakub Kroustek/Twitter)

Brandon Hill
