The Evolution Continues – Ransomware Series Part 7

Another piece of malware has hit the market since our evolution blog in February. Not only is this ransomware impossible to decrypt, but the cyber hackers are putting a nice spin on it. This ransomware is called the Kirk Ransomware, and it comes with a Spock decryptor. Why is this ransomware different? Well, not only is it Star Trek themed, but the payment demands are in Monero.

Let’s talk about the Kirk Ransomware 

Kirk Ransomware was discovered by an Avast malware researcher. It is still unknown how the ransomware is being distributed. All infected files will have the extension .kirked, and once a machine is infected the ransom note will show an ASCII art image of Spock and Captain James T. Kirk that states “Oh no! The Kirk ransomware has encrypted your files!”

This ransomware encrypts popular files (625 file extensions to be exact), plus an additional 441 extension targets, mostly to do with games. It is rare for ransomware to target game extensions on its victims’ machines. Payment is typically 50 Monero ($2,350 USD) within 48 hours, 200 Monero within 8 – 14 days ($4,700 USD), 500 Monero within 15 – 30 days ($11,750), or after 30 days your decryption key is deleted automatically and your data is forever toast!

If you get this ransomware on your machine and plan on paying for it, do not delete the pwd file because that has the encrypted version of your decryption key. In some types of ransomware the cyber hackers send you a decryption code and direct you to a file to decrypt your data. However, this ransomware involves your partnership with the cyber hacker. If you want to pay this one out to the cyber criminals, you must send the cyber hacker the pwd file so they can decrypt your data for you. That totally sounds scary – make sure you use an email address that isn’t traceable to you, and you should also verify whether any sensitive data was encrypted. No one knows yet what this pwd file is used for later, if anything, since this is so new to the cyber hacker world.
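For responders, the two indicators above (the .kirked extension and the pwd file) can be turned into a quick triage step before any cleanup. The script below is an added example, not code from the original post or from any vendor; it assumes the key file is literally named `pwd`, searches for it because the article does not say where it is written, and uses a hypothetical evidence directory and constructed sample files.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".kirked"   # extension named in the article
KEY_FILE_NAME = "pwd"          # assumption: the key file is literally named "pwd"


def triage(root: Path, evidence_dir: Path) -> dict:
    """Inventory .kirked files under root and preserve every 'pwd' file found."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    encrypted, preserved = [], []
    for path in sorted(root.rglob("*")):
        # Skip directories and anything already inside the evidence folder.
        if not path.is_file() or evidence_dir in path.parents:
            continue
        if path.name.lower().endswith(ENCRYPTED_SUFFIX):
            encrypted.append(path)
        elif path.name.lower() == KEY_FILE_NAME:
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            # Name the copy by its hash so two pwd files never overwrite each other.
            copy = evidence_dir / f"pwd_{digest[:16]}.bin"
            shutil.copy2(path, copy)
            preserved.append({"source": str(path), "sha256": digest, "copy": str(copy)})
    return {"encrypted": encrypted, "pwd_files": preserved}


def demo() -> dict:
    """Run the triage over a constructed directory tree (sample data, not real)."""
    base = Path(tempfile.mkdtemp())
    root = base / "Users" / "sample"
    (root / "Documents").mkdir(parents=True)
    (root / "Documents" / "report.docx.kirked").write_bytes(b"constructed ciphertext")
    (root / "Documents" / "save01.sav.kirked").write_bytes(b"constructed ciphertext")
    (root / "Documents" / "notes.txt").write_text("untouched file")
    (root / "pwd").write_bytes(b"constructed encrypted key blob")
    return triage(root, base / "evidence")


if __name__ == "__main__":
    result = demo()
    print(len(result["encrypted"]), "files carry", ENCRYPTED_SUFFIX)
    for item in result["pwd_files"]:
        print("preserved", item["source"], "sha256", item["sha256"])
```

Recording the SHA-256 alongside the copy lets you show later that the preserved pwd file is the one taken from the infected machine.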

What is Monero? Is this some BitCoin-like cryptocurrency?

Monero is a complete transaction currency for true electronic cash. Bitcoin, along with other cryptocurrencies, is entirely traceable. Any casual observer can read through the Bitcoin blockchain for any transaction. This observer can also find the exact amount that was transacted, along with the sender’s address and the recipient’s address.

Monero can be used for any private transaction, and the same casual observer we mentioned above has no means to uncover the origin, destination, or amount that was transacted. Monero transactions are completely private and untraceable – they were built to never be traced.

Monero will most likely soon become cyber hackers’ payment method of choice. Bitcoin has had too much attention and cyber hackers always change their behavior – what a surprise! They need to be ahead of the curve, so if Bitcoin is traceable and cyber hackers have been caught using it, they are moving on to the next fad – Monero.

What does it all mean?

In less than 30 days a new ransomware with different payment demands is in the market. During our Ransomware series, we shared all kinds of information – from types of ransomware, to prevention, to the latest scams. Our goal is to educate you and ensure you understand that ransomware is not going away and is becoming more sophisticated. The question is no longer if you get ransomware, but when. Even if you are as protected as you can be, we can never stop cyber crimes from occurring. It is important to know what your strategy is for your environment if you have a breach or get infected with ransomware. Join us at our webinar on April 6th for our Ransomware Series Review to learn more about prevention, protection, and response to a cyber threat.

If you want to learn more about how to have better security, contact our Security Services at info@peters.com for a complimentary consultation.

March 20th, 2017 (page timestamp 2017-05-07) | IT Security Solutions

About the Author:

Galaxia Martin is the Director of Support Services and she is responsible for support and security services operations within the support desk. Galaxia has worked in the IT industry for over 15 years in Financial, Accounting, and Software Development businesses. She has designed and led organizational innovations, as well as optimized and increased growth within support operations. She understands the complexity of business operations and has experience with aligning business initiatives with cost reduction solutions. As an Information Technology expert, Galaxia continues to research and study the latest technology, cyber risks, and industry trends to help educate our clients. Galaxia has a Master’s degree in Information Systems with additional studies in marketing and arts. She is an active board member for a non-profit organization called WordsonWheels that helps infants and toddlers to increase early literacy skills in high risk communities.