Star Trek-themed Captain 'Kirk' ransomware with Spock decryptor spotted

Star Trek-themed Captain 'Kirk' ransomware with Spock decryptor spotted

Beam us up, Scotty!

A cyber-criminal who obviously watches way too much television has gone where many have gone before and rolled out a new malware family called Kirk ransomware.

Kirk's creators did have a sense of humour when putting together their scheme. The malware, which was uncovered by Avast cyber researcher Jakub Kroustek, contains a short list of Star Trek and SciFi references that any TV junkie/hacker would admire. In addition to naming the code after the captain of the USS Enterprise, the decryptor that is supplied once payment is made is dubbed Spock, according to Bleeping Computer.

In addition, there is a reference to a Low Orbital Ion Canon, which not only satisfies the geeks out there, but is also a real type of network stress tool.

There has not yet been any reported incidences of Kirk, which is written in Python, in the wild, but on (mixed metaphor alert) the dark side of the situation the malware has the potential to be dangerous as no decryptor is available, except for the one offered by the criminals. Webroot reverse engineer Eric Klonowski said his firm classified Kirk as malicious on 7 March.

Bleeping Computer founder Lawrence Abrams also noted that the cyber-criminals are using the Monero digital currency instead of the more popular Bitcoin, which he believes is a first for this type of attack.

Since the Kirk ransomware has not been officially spotted in the wild nor have any victims come forward, Abrams said, its distribution method is still unknown. However, once in a system it cloaks itself as a Low Orbital Ion Canon stress tool, and uses a fake Low Orbital Ion Canon alert to confuse the victim. The ransomware then executes creating an AES password, which in turn, is encrypted by an embedded RSA-4096 encryption key and stored in the system for later use.

"The Kirk malware demonstrates that ransomware crypto can be effectively implemented in a few lines of code with relatively few weaknesses," Klonowski said, adding that "New flavours of ransomware are nothing new, we've seen ransomware that brands itself as PAC-MAN, Breaking Bad, etc. Generally, these don't proliferate and aren't very serious in the grand scheme of things."

Abrams wrote that it's important to not delete this key as it has to be forwarded to the bad guys for the decryption system to work.

The files are then encrypted and the ransom note appears, which keeps up the theme by containing images of Kirk and Spock. The cyber-criminals' ransom demand starts at 50 Monero or about US$1,100 with the amount doubling every few days topping out at 1100 Monero after two weeks. The victim is told if the ransom is not paid within 30 days the key will be deleted and the data irretrievable.

The note does contain instructions to regain access to the files using the Spock decryptor.

Possibly the biggest flaw with Kirk is its use of Monero.

"The problem is that this is only going to confuse victims even more. Even with Bitcoin becoming more accepted, it is still not easy to acquire them. By introducing a new cryptocurrency into the mix, victims are just going to become more confused and make paying ransoms even more difficult," Abrams wrote.

This article originally appeared at

Source: Copyright © SC Magazine, UK edition

See more about:  kirk  |  ransomware  |  security  |  spock
Latest articles on BIT Latest Articles from BIT
Four affordable tools for managing mobile devices
22 Jun 2017
We explain how a mobile device management system can help secure your business data, and why it ...
Scammers now targeting EnergyAustralia customers
20 Jun 2017
A security provider has warned of another realistic malware campaign masquerading as electricity ...
20 Android security apps tested
20 Jun 2017
Which security apps will actually protect your Android device? These in-depth antivirus tests ...
Choosing the right mobile strategy to protect your business
19 Jun 2017
Make sure you don't lose data or customers by setting the right policies for the use of mobile ...
Epson adds to scanning options
19 Jun 2017
Looking for a versatile, high-volume scanner? Epson’s new WorkForce DS-780N could fit the ...

Latest Comments

From our Partners

PC & Tech Authority Downloads