Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor

Zarathustra[H]

Bleeping Computer is reporting that there is a new Star Trek themed ransomware in the wild, named the Kirk Ransomware. The ransomware apparently masquerades as a Low Orbit Ion Cannon executable, and once executed encrypts the drive of the affected computer, demanding a ransom payment using Monero, a new, supposedly more secure cryptocurrency than Bitcoin. If the ransom payment is made, the victim is reportedly provided with a "Spock Decryptor" tool to decrypt their system.

It is interesting to me that this executable masquerades as LOIC. It almost makes you wonder if this is some sort of vigilante revenge ransomware, striking back at DDOS kiddies.

"At the time of this writing, Kirk Ransomware targets 625 file types, which are listed at the end of the article. If a matching file is detected, it will encrypt it using the previously created AES encryption key and then append the .kirk extension to the encrypted file's name. For example, a file called test.jpg would be encrypted and renamed to test.jpg.kirk."
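The quoted behaviour (AES-encrypted content, original name kept, .kirk appended) gives a defender a simple triage signal. The script below is an added example, not code from the post or from Bleeping Computer: it walks a directory for the .kirk suffix, recovers the original filename, and uses byte entropy (threshold of 7.0 bits/byte is an assumption) to tell likely-encrypted files from files that were merely renamed. The sample tree is constructed inline, not a real infection.

```python
"""Triage helper for files carrying the .kirk extension (added example)."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

KIRK_SUFFIX = ".kirk"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: AES ciphertext sits near 8.0, plain text far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_kirk_files(root, entropy_threshold=7.0):
    """Return one record per *.kirk file under root (threshold is an assumption)."""
    hits = []
    for path in Path(root).rglob("*" + KIRK_SUFFIX):
        if not path.is_file():
            continue
        head = path.read_bytes()[:65536]  # sampling the head is enough to judge entropy
        ent = shannon_entropy(head)
        hits.append({
            "path": str(path),
            "original_name": path.name[: -len(KIRK_SUFFIX)],  # test.jpg.kirk -> test.jpg
            "entropy": round(ent, 2),
            "likely_encrypted": ent >= entropy_threshold,
        })
    return hits


def build_sample_tree() -> str:
    """Constructed sample input (hypothetical): one high-entropy .kirk file standing in
    for AES output, one low-entropy .kirk file that was only renamed, one untouched file."""
    root = tempfile.mkdtemp(prefix="kirk_triage_")
    (Path(root) / "test.jpg.kirk").write_bytes(os.urandom(4096))
    (Path(root) / "notes.txt.kirk").write_bytes(b"plain text, just renamed\n" * 100)
    (Path(root) / "untouched.docx").write_bytes(b"not affected")
    return root


if __name__ == "__main__":
    for hit in find_kirk_files(build_sample_tree()):
        print(hit)
```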
 
We should classify the creation/distribution of this crap as a capital offense and start executing these morons for the sake of the greater gene pool.
 
We should classify the creation/distribution of this crap as a capital offense and start executing these morons for the sake of the greater gene pool.

We could, but in most cases you'd have to extradite them to the U.S. first, and that requires months or years of evidence gathering and political back-and-forths. But I agree it should be punished based on the monetary damage it causes. The easiest way to end ransomware is backing up data so people stop paying the ransom. It's astonishing how many mid to large companies get nailed by these and have no backups.
 
We should classify the creation/distribution of this crap as a capital offense and start executing these morons for the sake of the greater gene pool.

Yeah, good luck. My feelings on this are 90% of ransomware are state sponsored. Great way for former Soviet bloc countries and North Korea to earn some extra caps with basically zero risk.
 
I agree. On the one hand, if you're using a LOIC then you don't have much of a leg to stand on. Why would you need to use one legitimately? And if you do need to use one for your job I am surprised that your employer doesn't supply their own software to do it.

On the other hand, vigilante justice isn't good either... Trying to profit off of criminal activity doesn't make you a saint.
 
Yeah, good luck. My feelings on this are 90% of ransomware are state sponsored. Great way for former Soviet bloc countries and North Korea to earn some extra caps with basically zero risk.

Then make it a crime to pay the ransom.
Maybe a fine of 10x the amount paid would cause some of these companies to figure out another solution before giving these criminals money.
Would be a good opportunity for some AV companies to invest in ways to unencrypt the files.
 
Then make it a crime to pay the ransom.
Maybe a fine of 10x the amount paid would cause some of these companies to figure out another solution before giving these criminals money.
Would be a good opportunity for some AV companies to invest in ways to unencrypt the files.

How on earth would you "catch" someone paying the ransom?

And outside of AV companies spending a few billion on their own super-computing resources to crack encryption keys I'm not sure what you expect them to do about it? The only reasonable way these keys are ever discovered is if the creator releases them eventually, or if they're released by law enforcement after a raid or whatnot.
 
Then make it a crime to pay the ransom.
Maybe a fine of 10x the amount paid would cause some of these companies to figure out another solution before giving these criminals money.
Would be a good opportunity for some AV companies to invest in ways to unencrypt the files.
Punish the victim. OK.
I guess two wrongs do make a right?
 
How on earth would you "catch" someone paying the ransom?

And outside of AV companies spending a few billion on their own super-computing resources to crack encryption keys I'm not sure what you expect them to do about it? The only reasonable way these keys are ever discovered is if the creator releases them eventually, or if they're released by law enforcement after a raid or whatnot.
Regular backups and a backup history.
 
We could, but in most cases you'd have to extradite them to the U.S. first, and that requires months or years of evidence gathering and political back-and-forths. But I agree it should be punished based on the monetary damage it causes. The easiest way to end ransomware is backing up data so people stop paying the ransom. It's astonishing how many mid to large companies get nailed by these and have no backups.
2 BUAs, one offsite... solve many many problems
 
Monero (XMR) isn't new, been around for a while. Makes sense that ransomware would use this instead of bitcoin since it's harder to track.
 
We could, but in most cases you'd have to extradite them to the U.S. first, and that requires months or years of evidence gathering and political back-and-forths. But I agree it should be punished based on the monetary damage it causes. The easiest way to end ransomware is backing up data so people stop paying the ransom. It's astonishing how many mid to large companies get nailed by these and have no backups.

On the off chance you can find the people behind the crap, there are simpler solutions than extradition. Most will be working for criminal organizations and, even if they are just a bunch of friends and not professional criminals, criminals have trust issues. A former cop told me he learned how easy it was to get criminals to turn on each other when he was younger, and most of the ways he learned dealt with money. Not even a large amount of money, as it seems like criminals will kill over surprisingly trivial amounts.
 
There needs to be a campaign to get folks to switch from Default Admin accounts to Standard user accounts.

MS needs to change this at first boot for users too.
 
Standard user accounts are a pain. Then software runs into access denied issues every time you want to install something.
Anyway I've never had issues, just don't click everything in sight.
 
There needs to be a campaign to get folks to switch from Default Admin accounts to Standard user accounts.

MS needs to change this at first boot for users too.


Couldn't agree more.

It's basic common sense security. Even if you are a pro, the only time you ever log in with an admin account is when you need to do admin tasks.

Even the best of the best should never be running day to day in an admin account. It's just plain foolish.
 
Standard user accounts are a pain. Then software runs into access denied issues every time you want to install something.
Anyway I've never had issues, just don't click everything in sight.

Hang on... it's not a pain at all. I run a standard account for day to day on my machine. When anything Admin comes up, I just type the password in and it does it. If that's not enough I have to wait all of 10 seconds to switch to the admin account and then back again.

I guess some also believe using condoms "just gets in the way!"

Lazy!

If we could get 80% of Joe Average users to switch it would change things big time. All the machines I issue out are setup with Admin and User accounts. Even ones I get in for servicing and fixing get converted. Customers don't mind at all when you explain it to them.

Every other OS works that way except Windows...Hmmmm.
 
There needs to be a campaign to get folks to switch from Default Admin accounts to Standard user accounts.

MS needs to change this at first boot for users too.
There is plenty of crypto malware that runs under standard user accounts and still encrypts all of their files along with any mapped shares' files.
 
There is plenty of crypto malware that runs under standard user accounts and still encrypts all of their files along with any mapped shares' files.

But not all...and do you get to pick and choose which types hit your system? Every little helps and there is plenty of other Malware that Standard accounts stops. Still no reason not to use one for every day use.
 
On one hand I believe people who create this kind of shit are the lowest of the low and deserve to rot in whatever third world hellhole we can throw them into. On the other, this one couldn't target a more deserving group of little ingrates. I really have zero respect for any of the shitheads who use LOIC.
 