Monero is a cryptocurrency that is particularly effective at hiding the identities of the people who use it, and the new Kirk ransomware that relies on it to collect its ransom payments is particularly vicious. Like all ransomware, it encrypts your files and demands a ransom to decrypt them. The break from previous ransomware is the payment method: instead of Bitcoin, it demands that you pay up via a cryptocurrency called – you guessed it – Monero. The malware is themed on Star Trek, calling itself “Kirk” after the captain of the starship Enterprise in the original series. When you get infected, you’re shown an ASCII picture of Captain Kirk along with the ransom demand.
The new Kirk ransomware was discovered by Jakub Kroustek, a researcher at the cybersecurity firm Avast.
Once it runs, Kirk encrypts about 625 different file types using RSA-4096 encryption and appends “.kirk” to each encrypted file’s name, so “report.docx” becomes “report.docx.kirk”. A 4096-bit RSA key is not something you can crack; without the attacker’s private key, the files stay locked.
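Because Kirk leaves such a distinctive footprint, the first thing a responder wants is a count of what was hit before deciding whether to wipe or pay. The following Python script is an added example written for this page, not code from the article or from Avast. It walks a directory tree, lists every file ending in .kirk and groups the hits by the extension each file had before it was encrypted, using a small constructed sample tree so it runs offline. The one assumption is that Kirk appends .kirk to the full original name (report.docx becomes report.docx.kirk).

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the article says Kirk appends to every file it encrypts.
KIRK_EXT = ".kirk"


def find_kirk_files(root):
    """Walk `root` and return the sorted paths of files whose name ends in .kirk."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(KIRK_EXT):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def original_extensions(paths):
    """Group hits by the extension the file had before .kirk was appended.

    'report.docx.kirk' -> '.docx'; a file with no earlier extension counts as ''.
    (Assumes .kirk was appended to the full original name.)
    """
    counts = Counter()
    for p in paths:
        stem = os.path.basename(p)[: -len(KIRK_EXT)]
        counts[os.path.splitext(stem)[1].lower()] += 1
    return counts


def triage(root):
    """Summarise the damage under `root`: how many files were hit and of what kinds."""
    hits = find_kirk_files(root)
    return {
        "count": len(hits),
        "by_extension": original_extensions(hits),
        "infected": len(hits) > 0,
    }


def build_sample_tree():
    """Build a throwaway directory imitating a hit machine.

    The layout and contents are constructed for the demo, not taken from a real infection.
    """
    root = tempfile.mkdtemp(prefix="kirk_demo_")
    layout = {
        "docs/report.docx.kirk": b"\x00encrypted",
        "docs/notes.txt.kirk": b"\x00encrypted",
        "photos/cat.jpg.kirk": b"\x00encrypted",
        "photos/README": b"untouched",
        "bin/tool.exe": b"MZ",
    }
    for rel, data in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    result = triage(demo_root)
    print(f"{result['count']} encrypted files under {demo_root}")
    for ext, n in result["by_extension"].most_common():
        print(f"  {ext or '(none)'}: {n}")
```

Run it against a real machine only after that machine is off the network, ideally from a clean system with the suspect disk mounted read-only: a single hit means the encryption may still be in progress, and the point of the count is to know what a backup restore has to cover.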
To get the decryption program (predictably called “Spock”) and decrypt the files, the victim must pay 50 Monero, which at current rates is about $1,000. After two days the price doubles to 100 Monero, after 8 days it doubles again to 200, and on the 15th day it jumps to 500 Monero (about $10,000). If you haven’t paid after a month, the decryption key is deleted, rendering the files unrecoverable. Once the ransom is paid, the victim is supposedly provided with the decryption program, though that is a promise from a criminal and nothing guarantees it works. All in all, unless the affected machine happens to contain information worth far more than the ransom fee, you’re better off just swallowing your tears – and your pride – wiping the entire hard disk yourself, and restoring from a backup that was not connected to the machine when it was hit.
Unlike Bitcoin, whose public ledger lets anyone follow a payment from address to address, Monero transactions are very hard to trace because the CryptoNote protocol it is built on obscures both the sender and the recipient. Security experts had predicted its adoption by cybercriminals and dark-net vendors, and Kirk is that prediction coming true.
Fortunately, the people most likely to get infected with the Kirk ransomware are the same sort of people who would deploy such a thing in the first place. The Kirk ransomware disguises itself as a popular turnkey denial-of-service tool, a favorite of /b/tards and script kiddies around the world: Low Orbit Ion Cannon (LOIC). A popular tool of Anonymous, it nonetheless does nothing to hide the source of the attacks it launches; every request it sends carries the attacker’s own IP address, making anyone foolish enough to use it subject to tracing, and arrest. The tool can be used as a load tester for web servers, but that is rarely what it is actually used for.
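The flip side of LOIC not hiding its source is that a LOIC-style HTTP flood is easy to spot from the target’s own access log: one address hammering the server far faster than any human client. The Python script below is an added example written for this page, not code from the article or from LOIC’s authors. It parses lines in the common Apache/nginx “combined” log format, counts requests per source address in fixed 10-second windows, and reports any address that exceeds a threshold in a single window. The log lines are constructed for the demo (one flooding client at 203.0.113.7 and a couple of ordinary visitors), and the 10-second window and 100-request threshold are assumed values you would tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format, e.g.
# 203.0.113.7 - - [20/Mar/2017:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {ip, ts, req} for a combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
    }


def flood_sources(lines, window_seconds=10, threshold=100):
    """Return {ip: peak requests in one window} for every source that exceeds
    `threshold` requests inside a single fixed window of `window_seconds`.

    Window and threshold are assumed defaults; a busy NAT or proxy can legitimately
    exceed a low threshold, so treat the output as a lead, not a verdict.
    """
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash mid-incident
        slot = int(rec["ts"].timestamp()) // window_seconds
        buckets[rec["ip"]][slot] += 1
    flagged = {}
    for ip, slots in buckets.items():
        peak = max(slots.values())
        if peak > threshold:
            flagged[ip] = peak
    return flagged


def build_sample_log():
    """Constructed access-log lines: one LOIC-style source sending 250 GETs for '/'
    within ten seconds, plus a few ordinary clients. Not a real capture."""
    base = datetime(2017, 3, 20, 10, 0, 0, tzinfo=timezone.utc)

    def fmt(ip, t, path):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

    lines = [fmt("203.0.113.7", base + timedelta(milliseconds=40 * i), "/") for i in range(250)]
    lines += [fmt("198.51.100.4", base + timedelta(seconds=i), "/index.html") for i in range(5)]
    lines.append(fmt("192.0.2.9", base + timedelta(seconds=3), "/about"))
    return lines


if __name__ == "__main__":
    for ip, peak in flood_sources(build_sample_log()).items():
        print(f"possible flood from {ip}: {peak} requests in one 10s window")
```

On a live server you would feed it `tail -f` of the access log and hand the flagged addresses to your firewall; because LOIC makes real TCP connections, the address in the log is the attacker’s (or at best their VPN’s), which is exactly why using it is such a bad idea.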
The best way to avoid getting infected with the Kirk ransomware is not to goof around with malevolent tools in the first place, so the vast majority of us are safe. If you do find the Kirk ransomware on your machine via some other means, though, then unless you’re rolling in cash, your files as you knew them are basically toast.
Stay safe, and practice good cyber-hygiene, and all will be well.
SCIFI.radio is listener supported sci-fi geek culture radio, and operates almost exclusively via the generous contributions of our fans via our Patreon campaign. If you like, you can also use our tip jar and send us a little something to help support the many fine creatives that make this station possible.