Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,895
Bleeping Computer is reporting that there is a new Star Trek themed ransomware in the wild, named the Kirk Ransomware. The ransomware apparently masquerades as a Low Orbit Ion Cannon executable, and once executed encrypts the drive of the affected computer, demanding a ransom payment using Monero, a new, supposedly more secure cryptocurrency than Bitcoin. If the ransom payment is made, the victim is reportedly provided with a "Spock Decryptor" tool to decrypt their system.

It is interesting to me that this executable masquerades as LOIC. It almost makes you wonder if this is some sort of vigilante revenge ransomware, striking back at DDoS kiddies.

"At the time of this writing, Kirk Ransomware targets 625 file types, which are listed at the end of the article. If a matching file is detected, it will encrypt it using the previously created AES encryption key and then append the .kirk extension to the encrypted file's name. For example, a file called test.jpg would be encrypted and renamed to test.jpg.kirk."
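
The rename pattern quoted above (test.jpg becoming test.jpg.kirk) is something a defender can watch for in file-rename telemetry. This is an added example, not part of the original post or of the Bleeping Computer article; the event tuple format, the function names, the threshold and window values, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample rename events: (unix_time, old_path, new_path).
SAMPLE_EVENTS = [
    (100.0, r"C:\Users\a\Pictures\test.jpg", r"C:\Users\a\Pictures\test.jpg.kirk"),
    (100.4, r"C:\Users\a\Documents\notes.txt", r"C:\Users\a\Documents\notes.txt.kirk"),
    (101.1, r"C:\Users\a\Documents\budget.xlsx", r"C:\Users\a\Documents\budget.xlsx.kirk"),
    (101.9, r"C:\Users\a\Music\song.mp3", r"C:\Users\a\Music\song.mp3.kirk"),
    (50.0, r"C:\Users\a\Documents\report.docx", r"C:\Users\a\Documents\report.docx.bak"),
    (60.0, r"C:\Users\a\Documents\draft.txt", r"C:\Users\a\Documents\final.txt"),
]

def appended_suffix(old, new):
    """Return the extension appended to the complete old file name
    ('.kirk' for test.jpg -> test.jpg.kirk), or None for any other rename."""
    old_p, new_p = PureWindowsPath(old), PureWindowsPath(new)
    if old_p.parent != new_p.parent or not old_p.suffix:
        return None  # moved elsewhere, or the original had no extension
    if new_p.stem.lower() == old_p.name.lower() and new_p.suffix:
        return new_p.suffix.lower()
    return None

def flag_mass_renames(events, threshold=4, window=10.0):
    """Return {suffix: largest burst} for every suffix that was appended to
    at least `threshold` files within any `window`-second span."""
    times = defaultdict(list)
    for ts, old, new in events:
        suffix = appended_suffix(old, new)
        if suffix:
            times[suffix].append(ts)
    flagged = {}
    for suffix, stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            burst = end - start + 1
            if burst >= threshold:
                flagged[suffix] = max(flagged.get(suffix, 0), burst)
    return flagged

if __name__ == "__main__":
    print(flag_mass_renames(SAMPLE_EVENTS))
```

Keying on the burst of appended extensions rather than on the literal string .kirk means the same check still fires if a variant uses a different extension, while the single .bak rename in the sample stays below the threshold.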
 

MrCaffeineX

[H]ard|Gawd
Joined
Aug 22, 2011
Messages
1,500
We should classify the creation/distribution of this crap as a capital offense and start executing these morons for the sake of the greater gene pool.
 

Gweenz

[H]ard|Gawd
Joined
Dec 18, 2003
Messages
1,216
We should classify the creation/distribution of this crap as a capital offense and start executing these morons for the sake of the greater gene pool.

We could, but in most cases you'd have to extradite them to the U.S. first, and that requires months or years of evidence gathering and political back-and-forths. But I agree it should be punished based on the monetary damage it causes. The easiest way to end ransomware is backing up data so people stop paying the ransom. It's astonishing how many mid to large companies get nailed by these and have no backups.
 

Pusher of Buttons

[H]ard|Gawd
Joined
Dec 6, 2016
Messages
1,924
We should classify the creation/distribution of this crap as a capital offense and start executing these morons for the sake of the greater gene pool.

Yeah, good luck. My feelings on this are 90% of ransomware are state sponsored. Great way for former Soviet bloc countries and North Korea to earn some extra caps with basically zero risk.
 

azuza001

Gawd
Joined
Apr 4, 2012
Messages
697
I agree. On the one hand if you're using a LOIC then you don't have much of a leg to stand on. Why would you need to use one legitimately? And if you do need to use one for your job I am surprised that your employer doesn't supply their own software to do it.

On the other hand vigilante justice isn't good either... Trying to profit off of criminal activity doesn't make you a saint.
 

nutzo

Supreme [H]ardness
Joined
Feb 15, 2004
Messages
7,380
Yeah, good luck. My feelings on this are 90% of ransomware are state sponsored. Great way for former Soviet bloc countries and North Korea to earn some extra caps with basically zero risk.

Then make it a crime to pay the ransom.
Maybe a fine of 10x the amount paid would cause some of these companies to figure out another solution before giving these criminals money.
Would be a good opportunity for some AV companies to invest in ways to unencrypt the files.
 

Pusher of Buttons

[H]ard|Gawd
Joined
Dec 6, 2016
Messages
1,924
Then make it a crime to pay the ransom.
Maybe a fine of 10x the amount paid would cause some of these companies to figure out another solution before giving these criminals money.
Would be a good opportunity for some AV companies to invest in ways to unencrypt the files.

How on earth would you "catch" someone paying the ransom?

And outside of AV companies spending a few billion on their own super-computing resources to crack encryption keys I'm not sure what you expect them to do about it? The only reasonable way these keys are ever discovered is if the creator releases them eventually, or if they're released by law enforcement after a raid or whatnot.
 

TrailRunner

Limp Gawd
Joined
Feb 15, 2012
Messages
408
Then make it a crime to pay the ransom.
Maybe a fine of 10x the amount paid would cause some of these companies to figure out another solution before giving these criminals money.
Would be a good opportunity for some AV companies to invest in ways to unencrypt the files.
Punish the victim. OK.
I guess two wrongs do make a right?
 

Nenu

[H]ardened
Joined
Apr 28, 2007
Messages
19,624
How on earth would you "catch" someone paying the ransom?

And outside of AV companies spending a few billion on their own super-computing resources to crack encryption keys I'm not sure what you expect them to do about it? The only reasonable way these keys are ever discovered is if the creator releases them eventually, or if they're released by law enforcement after a raid or whatnot.
Regular backups and a backup history.
 

haste.

[H]ard|Gawd
Joined
Nov 11, 2011
Messages
1,651
We could, but in most cases you'd have to extradite them to the U.S. first, and that requires months or years of evidence gathering and political back-and-forths. But I agree it should be punished based on the monetary damage it causes. The easiest way to end ransomware is backing up data so people stop paying the ransom. It's astonishing how many mid to large companies get nailed by these and have no backups.
2 BUA's, one offsite... solve many many problems
 

Galvin

2[H]4U
Joined
Jan 22, 2002
Messages
2,697
Monero (XMR) isn't new, been around for a while. Makes sense that ransomware would use this instead of bitcoin since it's harder to track.
 

Inglix_the_Mad

Limp Gawd
Joined
Aug 5, 2004
Messages
332
We could, but in most cases you'd have to extradite them to the U.S. first, and that requires months or years of evidence gathering and political back-and-forths. But I agree it should be punished based on the monetary damage it causes. The easiest way to end ransomware is backing up data so people stop paying the ransom. It's astonishing how many mid to large companies get nailed by these and have no backups.

On the off chance you can find the people behind the crap, there are simpler solutions than extradition. Most will be working for criminal organizations and, even if they are just a bunch of friends and not professional criminals, criminals have trust issues. A former cop told me he learned how easy it was to get criminals to turn on each other when he was younger, and most of the ways he learned dealt with money. Not even a large amount of money, as it seems like criminals will kill over surprisingly trivial amounts.
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,367
There needs to be a campaign to get folks to switch from Default Admin accounts to Standard user accounts.

MS needs to change this at first boot for users too.
 

Galvin

2[H]4U
Joined
Jan 22, 2002
Messages
2,697
Standard user accounts are a pain. Then software runs into access denied issues every time you want to install something.
Anyway I've never had issues, just don't click everything in sight.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,895
There needs to be a campaign to get folks to switch from Default Admin accounts to Standard user accounts.

MS needs to change this at first boot for users too.


Couldn't agree more.

It's basic common sense security. Even if you are a pro, the only time you ever log in with an admin account is when you need to do admin tasks.

Even the best of the best should never be running day to day in an admin account. It's just plain foolish.
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,367
Standard user accounts are a pain. Then software runs into access denied issues every time you want to install something.
Anyway I've never had issues, just don't click everything in sight.

Hang on...it's not a pain at all. I run a standard account for day to day on my machine. When anything Admin comes up, I just type the password in and it does it. If that's not enough I have to wait all of 10 seconds to switch to the admin account and then back again.

I guess some also believe using condoms "just gets in the way!"

Lazy!

If we could get 80% of Joe Average users to switch it would change things big time. All the machines I issue out are set up with Admin and User accounts. Even ones I get in for servicing and fixing get converted. Customers don't mind at all when you explain it to them.

Every other OS works that way except Windows...Hmmmm.
 

DocSavage

2[H]4U
Joined
Dec 18, 2002
Messages
2,409
There needs to be a campaign to get folks to switch from Default Admin accounts to Standard user accounts.

MS needs to change this at first boot for users too.
There is plenty of crypto malware that runs under standard user accounts and still encrypts all of their files along with any mapped shares' files.
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,367
There is plenty of crypto malware that runs under standard user accounts and still encrypts all of their files along with any mapped shares' files.

But not all...and do you get to pick and choose which types hit your system? Every little helps and there is plenty of other Malware that Standard accounts stop. Still no reason not to use one for every day use.
 

Dekoth-E-

Supreme [H]ardness
Joined
Mar 23, 2010
Messages
7,599
On one hand I believe people who create this kind of shit are the lowest of the low and deserve to rot in whatever third world hellhole we can throw them into. On the other, this one couldn't target a more deserving group of little ingrates. I really have zero respect for any of the shitheads who use LOIC.
 