Star Trek-themed Kirk ransomware has Spock decryptor, demands ransom be paid in Monero

While you may want to live long and prosper, you don’t want to be “kirked” – an extension added to files encrypted by the new Star Trek-themed Kirk ransomware.

Kirk ransomware, which was discovered by Avast malware researcher Jakub Kroustek, doesn’t want the ransom to be paid in bitcoin; Bleeping Computer said it “may be the first ransomware to utilize Monero as the ransom payment of choice.”

It is not known how the ransomware is being distributed, but researchers know that Kirk ransomware masquerades as the Low Orbit Ion Cannon (LOIC) network stress tool, which was once favored for denial-of-service attacks. The fake version sports the LOIC slogan, “When harpoons, air strikes and nukes fail,” and claims to be initializing once executed.

In reality, once executed, the ransomware generates an AES password, encrypts it with an RSA-4096 public encryption key, scans the C drive for files with specific extensions to encrypt, and then adds “.kirked” to each encrypted file's name.
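The appended “.kirked” suffix gives defenders a behavioural signal to watch for in file-rename telemetry. The sketch below is an added example, not code from the article or the researchers: it flags any process that appends the suffix to several files in a short burst. The event format, paths, process names and thresholds are all constructed for illustration.

```python
from collections import defaultdict, deque

SUFFIX = ".kirked"  # extension named in the article

# Constructed sample events: (epoch seconds, process image, old path, new path).
# The tuple layout and every path or process name here are made up for the example.
SAMPLE_EVENTS = [
    (100, r"C:\Users\a\Downloads\tool.exe", r"C:\Users\a\Docs\q1.xlsx", r"C:\Users\a\Docs\q1.xlsx.kirked"),
    (101, r"C:\Users\a\Downloads\tool.exe", r"C:\Users\a\Docs\cv.docx", r"C:\Users\a\Docs\cv.docx.kirked"),
    (102, r"C:\Users\a\Downloads\tool.exe", r"C:\Users\a\Pics\dog.jpg", r"C:\Users\a\Pics\dog.jpg.kirked"),
    (103, r"C:\Users\a\Downloads\tool.exe", r"C:\Users\a\Pics\cat.png", r"C:\Users\a\Pics\cat.png.kirked"),
    # Ordinary user rename: no suffix appended, must be ignored.
    (150, r"C:\Windows\explorer.exe", r"C:\Users\a\Docs\draft.txt", r"C:\Users\a\Docs\final.txt"),
    # Two matching renames far apart: below the burst threshold by default.
    (300, r"C:\Tools\backup.exe", r"C:\Data\a.bak", r"C:\Data\a.bak.kirked"),
    (400, r"C:\Tools\backup.exe", r"C:\Data\b.bak", r"C:\Data\b.bak.kirked"),
]


def is_kirked_rename(old, new):
    """True when the new name is exactly the old name plus '.kirked' (case-insensitive)."""
    return new.lower() == old.lower() + SUFFIX


def detect_bursts(events, threshold=3, window=10):
    """Return {process: peak count} for every process that made at least
    `threshold` matching renames within any `window`-second span."""
    recent = defaultdict(deque)  # process -> timestamps still inside the window
    peaks = {}
    for ts, proc, old, new in sorted(events):
        if not is_kirked_rename(old, new):
            continue
        q = recent[proc]
        q.append(ts)
        while ts - q[0] > window:  # expire timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[proc] = max(peaks.get(proc, 0), len(q))
    return peaks


if __name__ == "__main__":
    for proc, count in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT: {proc} appended {SUFFIX} to {count} files in a burst")
```
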

