Friday March 17, 2017

Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor

Bleeping Computer is reporting that there is a new Star Trek-themed ransomware in the wild, named the Kirk Ransomware. The ransomware apparently masquerades as a Low Orbit Ion Cannon executable and, once executed, encrypts the drive of the affected computer, demanding a ransom payment in Monero, a newer cryptocurrency that is supposedly more secure than Bitcoin. If the ransom payment is made, the victim is reportedly provided with a "Spock Decryptor" tool to decrypt their system.

It is interesting to me that this executable masquerades as LOIC. It almost makes you wonder if this is some sort of vigilante revenge ransomware, striking back at DDoS kiddies.

At the time of this writing, Kirk Ransomware targets 625 file types, which are listed at the end of the article. If a matching file is detected, it will encrypt it using the previously created AES encryption key and then append the .kirk extension to the encrypted file's name. For example, a file called test.jpg would be encrypted and renamed to test.jpg.kirk.
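The rename pattern described above (original name kept, `.kirk` appended) lends itself to a simple behavioral detection. The following is an added example, not code from the article or from Bleeping Computer: it scans file-rename events and flags any process that appends `.kirk` to several files in a short burst. The event tuple layout, the sample events, the threshold and the time window are all assumptions made for illustration.

```python
from collections import defaultdict, deque

SUFFIX = ".kirk"  # extension the article says is appended to encrypted files

# Constructed sample events: (epoch seconds, pid, old path, new path).
EVENTS = [
    (100.0, 4120, r"C:\Users\a\Pictures\test.jpg", r"C:\Users\a\Pictures\test.jpg.kirk"),
    (100.4, 4120, r"C:\Users\a\Docs\q1.xlsx", r"C:\Users\a\Docs\q1.xlsx.kirk"),
    (100.9, 4120, r"C:\Users\a\Docs\notes.txt", r"C:\Users\a\Docs\notes.txt.kirk"),
    (101.0, 980, r"C:\Temp\a.tmp", r"C:\Temp\a.bak"),
    (500.0, 2200, r"C:\Users\b\captain.doc", r"C:\Users\b\captain.doc.kirk"),
]

def is_append_rename(old, new, suffix=SUFFIX):
    """True when new is exactly old plus the suffix (case-insensitive)."""
    return new.lower() == old.lower() + suffix

def flag_pids(events, threshold=3, window=5.0):
    """Return {pid: [original paths]} for processes that performed at least
    `threshold` append-renames inside any `window`-second span."""
    recent = defaultdict(deque)   # pid -> timestamps still inside the window
    touched = defaultdict(list)   # pid -> original paths it renamed
    flagged = set()
    for ts, pid, old, new in sorted(events):
        if not is_append_rename(old, new):
            continue  # ordinary rename, not the pattern described above
        touched[pid].append(old)
        q = recent[pid]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(pid)
    return {pid: touched[pid] for pid in flagged}

if __name__ == "__main__":
    for pid, files in flag_pids(EVENTS).items():
        print(pid, "renamed", len(files), "files with", SUFFIX)
```

The per-process list of original paths doubles as a scoping aid: it tells responders which files need to be restored from backup.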