Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor

Discussion in 'HardForum Tech News' started by Zarathustra[H], Mar 17, 2017.

  1. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,023
    Joined:
    Oct 29, 2000
    Bleeping Computer is reporting that there is a new Star Trek themed ransomware in the wild, named the Kirk Ransomware. The ransomware apparently masquerades as a Low Orbit Ion Cannon executable, and once executed encrypts the drive of the affected computer, demanding a ransom payment using Monero, a new, supposedly more secure cryptocurrency than Bitcoin. If the ransom payment is made, the victim is reportedly provided with a "Spock Decryptor" tool to decrypt their system.

    It is interesting to me that this executable masquerades as LOIC. It almost makes you wonder if this is some sort of vigilante revenge ransomware, striking back at DDoS kiddies.

    "At the time of this writing, Kirk Ransomware targets 625 file types, which are listed at the end of the article. If a matching file is detected, it will encrypt it using the previously created AES encryption key and then append the .kirk extension to the encrypted file's name. For example, a file called test.jpg would be encrypted and renamed to test.jpg.kirk."
     
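    As an added defender-side example (not from the Bleeping Computer article or from anyone in this thread): a small detector that flags an account creating a burst of files ending in the `.kirk` extension the article describes, run over constructed file-audit lines. The log format, the 3-files-in-10-seconds threshold and the user names are assumptions for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Extension the article says Kirk appends to every encrypted file.
RANSOM_EXT = ".kirk"
# Alert once one account creates this many .kirk files inside the window.
# Both values are assumptions chosen for the demo, not from the article.
THRESHOLD = 3
WINDOW = timedelta(seconds=10)

# Assumed audit-line layout: "<iso-timestamp> <user> <CREATE|DELETE> <path>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(CREATE|DELETE)\s+(.+)$")

# Constructed sample events, not captured from a real infection.
SAMPLE_EVENTS = """\
2017-03-17T10:00:01 alice CREATE C:\\Users\\alice\\Documents\\test.jpg.kirk
2017-03-17T10:00:01 alice DELETE C:\\Users\\alice\\Documents\\test.jpg
2017-03-17T10:00:02 alice CREATE C:\\Users\\alice\\Documents\\budget.xlsx.kirk
2017-03-17T10:00:02 alice DELETE C:\\Users\\alice\\Documents\\budget.xlsx
2017-03-17T10:00:03 alice CREATE Z:\\shared\\report.docx.kirk
2017-03-17T10:00:03 alice DELETE Z:\\shared\\report.docx
2017-03-17T10:30:00 bob   CREATE C:\\Users\\bob\\notes.txt
2017-03-17T11:00:00 bob   CREATE C:\\Users\\bob\\old.zip.kirk
"""

def parse_events(text):
    """Yield (timestamp, user, action, path) tuples from audit lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def detect_kirk_bursts(text, threshold=THRESHOLD, window=WINDOW):
    """Return {user: [original_paths]} for accounts that created at least
    `threshold` .kirk files within one sliding time window."""
    recent = defaultdict(list)   # user -> [(ts, path)] still inside the window
    alerts = {}
    for ts, user, action, path in parse_events(text):
        if action != "CREATE" or not path.lower().endswith(RANSOM_EXT):
            continue
        bucket = recent[user] + [(ts, path)]
        # Drop events that have fallen out of the sliding window.
        recent[user] = bucket = [(t, p) for t, p in bucket if ts - t <= window]
        if len(bucket) >= threshold and user not in alerts:
            # Report the pre-encryption names so responders know what to restore.
            alerts[user] = [p[:-len(RANSOM_EXT)] for _, p in bucket]
    return alerts

if __name__ == "__main__":
    for user, files in detect_kirk_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT: {user} renamed {len(files)} files to {RANSOM_EXT}: {files}")
```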
  2. MrCaffeineX

    MrCaffeineX [H]ard|Gawd

    Messages:
    1,420
    Joined:
    Aug 22, 2011
    We should classify the creation/distribution of this crap as a capital offense and start executing these morons for the sake of the greater gene pool.
     
    mynamehere and wra18th like this.
  3. Gweenz

    Gweenz [H]ard|Gawd

    Messages:
    1,216
    Joined:
    Dec 18, 2003
    We could, but in most cases you'd have to extradite them to the U.S. first, and that requires months or years of evidence gathering and political back-and-forths. But I agree it should be punished based on the monetary damage it causes. The easiest way to end ransomware is backing up data so people stop paying the ransom. It's astonishing how many mid to large companies get nailed by these and have no backups.
     
    heatlesssun likes this.
  4. Pusher of Buttons

    Pusher of Buttons [H]ard|Gawd

    Messages:
    1,925
    Joined:
    Dec 6, 2016
    Yeah, good luck. My feelings on this are 90% of ransomware are state sponsored. Great way for former Soviet bloc countries and North Korea to earn some extra caps with basically zero risk.
     
    Nukester likes this.
  5. Gigus Fire

    Gigus Fire 2[H]4U

    Messages:
    2,275
    Joined:
    Oct 14, 2004
    To be honest, I have no problems with this.
     
    hurleybird and azuza001 like this.
  6. azuza001

    azuza001 Gawd

    Messages:
    692
    Joined:
    Apr 4, 2012
    I agree. On the one hand, if you're using a LOIC then you don't have much of a leg to stand on. Why would you need to use one legitimately? And if you do need to use one for your job, I am surprised that your employer doesn't supply their own software to do it.

    On the other hand, vigilante justice isn't good either... Trying to profit off of criminal activity doesn't make you a saint.
     
  7. nutzo

    nutzo [H]ardness Supreme

    Messages:
    7,377
    Joined:
    Feb 15, 2004
    Then make it a crime to pay the ransom.
    Maybe a fine of 10x the amount paid would cause some of these companies to figure out another solution before giving these criminals money.
    Would be a good opportunity for some AV companies to invest in ways to unencrypt the files.
     
  8. Pusher of Buttons

    Pusher of Buttons [H]ard|Gawd

    Messages:
    1,925
    Joined:
    Dec 6, 2016
    How on earth would you "catch" someone paying the ransom?

    And outside of AV companies spending a few billion on their own super-computing resources to crack encryption keys I'm not sure what you expect them to do about it? The only reasonable way these keys are ever discovered is if the creator releases them eventually, or if they're released by law enforcement after a raid or whatnot.
     
  9. TrailRunner

    TrailRunner Limp Gawd

    Messages:
    384
    Joined:
    Feb 15, 2012
    Punish the victim. OK.
    I guess two wrongs do make a right?
     
    Nukester and Pusher of Buttons like this.
  10. Nenu

    Nenu [H]ardened

    Messages:
    18,729
    Joined:
    Apr 28, 2007
    Regular backups and a backup history.
     
  11. HeadRusch

    HeadRusch [H]ard|Gawd

    Messages:
    1,121
    Joined:
    Jun 8, 2007
    ....adds "LOIC" to his vernacular.......HardO.....you never stop giving. ♥
     
    Zarathustra[H] and wra18th like this.
  12. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,422
    Joined:
    Mar 4, 2013
    Since they have deployed a Low Orbit Ion Cannon, the proper answer is to nuke them from high orbit, just to be sure they get the message.

    Agree with this.
     
    DocSavage, mynamehere and wra18th like this.
  13. haste.

    haste. [H]ard|Gawd

    Messages:
    1,653
    Joined:
    Nov 11, 2011
    2 BUA's, one offsite... solve many many problems
     
  14. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,023
    Joined:
    Oct 29, 2000
    Always happy to oblige!
     
  15. wra18th

    wra18th [H]ardness Supreme

    Messages:
    7,766
    Joined:
    Nov 11, 2009
    Very interesting. Learned something new.
     
  16. Galvin

    Galvin 2[H]4U

    Messages:
    2,694
    Joined:
    Jan 22, 2002
    Monero (XMR) isn't new, it's been around for a while. Makes sense that ransomware would use this instead of bitcoin since it's harder to track.
     
  17. DooLocsta

    DooLocsta [H]ard|Gawd

    Messages:
    1,511
    Joined:
    Jan 26, 2005
    Monero (XMR) has had a really great week as well :D
     
  18. Galvin

    Galvin 2[H]4U

    Messages:
    2,694
    Joined:
    Jan 22, 2002
    Actually this is probably bullish news for Monero :D
     
  19. Inglix_the_Mad

    Inglix_the_Mad Limp Gawd

    Messages:
    332
    Joined:
    Aug 5, 2004
    On the off chance you can find the people behind the crap, there are simpler solutions than extradition. Most will be working for criminal organizations and, even if they are just a bunch of friends and not professional criminals, criminals have trust issues. A former cop told me he learned how easy it was to get criminals to turn on each other when he was younger, and most of the ways he learned dealt with money. Not even a large amount of money, as it seems like criminals will kill over surprisingly trivial amounts.
     
  20. daglesj

    daglesj [H]ardness Supreme

    Messages:
    5,051
    Joined:
    May 7, 2005
    There needs to be a campaign to get folks to switch from Default Admin accounts to Standard user accounts.

    MS needs to change this at first boot for users too.
     
    Zarathustra[H] likes this.
  21. Galvin

    Galvin 2[H]4U

    Messages:
    2,694
    Joined:
    Jan 22, 2002
    Standard user accounts are a pain. Then software runs into access denied issues every time you want to install something.
    Anyway, I've never had issues, just don't click everything in sight.
     
    wra18th likes this.
  22. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,023
    Joined:
    Oct 29, 2000
    Couldn't agree more.

    It's basic common sense security. Even if you are a pro, the only time you ever log in with an admin account is when you need to do admin tasks.

    Even the best of the best should never be running day to day in an admin account. It's just plain foolish.
     
  23. daglesj

    daglesj [H]ardness Supreme

    Messages:
    5,051
    Joined:
    May 7, 2005
    Hang on... it's not a pain at all. I run a standard account for day to day on my machine. When anything Admin comes up, I just type the password in and it does it. If that's not enough, I have to wait all of 10 seconds to switch to the admin account and then back again.

    I guess some also believe using condoms "just gets in the way!"

    Lazy!

    If we could get 80% of Joe Average users to switch it would change things big time. All the machines I issue out are setup with Admin and User accounts. Even ones I get in for servicing and fixing get converted. Customers don't mind at all when you explain it to them.

    Every other OS works that way except Windows...Hmmmm.
     
    Last edited: Mar 20, 2017
  24. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
    There is plenty of crypto malware that runs under standard user accounts and still encrypts all of their files along with any mapped shares' files.
     
  25. daglesj

    daglesj [H]ardness Supreme

    Messages:
    5,051
    Joined:
    May 7, 2005
    But not all... and do you get to pick and choose which types hit your system? Every little helps, and there is plenty of other malware that Standard accounts stop. Still no reason not to use one for every day use.
     
    DocSavage likes this.
  26. Dekoth-E-

    Dekoth-E- [H]ardness Supreme

    Messages:
    7,600
    Joined:
    Mar 23, 2010
    On one hand I believe people who create this kind of shit are the lowest of the low and deserve to rot in whatever third world hellhole we can throw them into. On the other, this one couldn't target a more deserving group of little ingrates. I really have zero respect for any of the shitheads who use LOIC.
     
    Zarathustra[H] likes this.