The Evolution Continues – Ransomware Series Part 7

by | Mar 20, 2017 | Security | 0 comments

Another malware has hit the market since our evolution blog in February. Not only is this ransomware impossible to decrypt, but the cyber hackers are putting a nice spin on it. This ransomware is called the Kirk Ransomware with a Spock decryptor. Why is this ransomware different? Well, not only is it Star Trek themed, but the payment demands are in Monero.

Let’s talk about the Kirk Ransomware 

Kirk Ransomware was discovered by an Avast malware researcher. It is still unknown how the ransomware is being distributed. All files infected will have the extension .kirked, and once infected the ransom note will have an ASCII art image of Spock and Captain James T. Kirk that states “Oh no! The Kirk ransomware has encrypted your files!”

This ransomware encrypts popular files (625 file extensions to be exact), plus an additional 441 extension targets, mostly to do with games. It is rare that ransomware will target game extensions on its victim’s machines. Payment is typically 50 Monero ($2,350 USD) within 48hrs, 200 Monero within 8 – 14 days ($4,700 USD), 500 Monero 15 – 30 days ($11,750), or after 30 days your decryption key is deleted automatically and your data is forever toast!

If you get this ransomware on your machine and plan on paying for it, do not delete the pwd file because that has the encrypted version of your decryption key. In some types of ransomware the cyber hackers send you a decryption code and direct you to a file to unencrypt your data. However, this ransomware involves your partnership with the cyber hacker. If you want to pay this one out to the cyber criminals, you must send the cyber hacker the pwd file so they can decrypt your data for you. That totally sounds scary–make sure you use an email address that isn’t traceable to you, and you also should verify if there was sensitive data that was encrypted. No one knows yet what this pwd file is used for later, if anything, since this is so new to the cyber hacker world.

What is Monero? Is this some BitCoin-like cryptocurrency?

Monero is a complete transaction currency for true electronic cash. Bitcoin, along with other cryptocurrencies, is entirely traceable. Any casual observer can actually read through the Bitcoin blockchain for any transaction. This observer can also find the exact amount that was transacted, along with senders address and recipients address.

Monero can be used for any private transaction, and the same casual observer we mentioned above has no means to uncover the origin, destination, or amount that was transacted. Monero transactions are completely private and untraceable – they were built to never be traced.

Monero will most likely soon become cyber hackers’ payment method of choice. Bitcoin has had too much attention and cyber hackers always change their behavior – what a surprise! They need to  be ahead of the curve, so if Bitcoin is traceable and cyber hackers have been caught using it, they are moving on to the next fad – Monero.

What does it all mean?

In less than 30 days a new ransomware with different payment demands is in the market. During our Ransomware series, we shared all kinds of information –  from types of ransomware, to prevention, and letting you know the latest scams. Our goal is to educate you and ensure you understand that ransomware is not going away and is becoming more sophisticated. The question is no longer if you get ransomware, but when. Even if you are as protected as you can be, we can never stop cyber crimes from occurring. It is important to know what your strategy is for your environment if you have a breach or get infected with ransomware. Join us at our webinar on April 6th for our Ransomware Series Review to learn more about prevention, protection, and response to a cyber threat.

If you want to learn more about how to have better security, contact our Security Services at for a complimentary consultation.