A new piece of ransomware has surfaced featuring star trek theme, named Kirk Ransomware, the first of its kind ransomware demanding Monero cryptocurrency instead of Bitcoin. It was discovered by Avast malware researcher Jakub Kroustek. Cyber criminals are turning highly sophisticated with better, more secure ways to ask for ransom and hence a first for Monero. Monero is said to be more secure than Bitcoin and is untraceable. The malware is named after a popular character in star trek movies: Kirk. The decryptor is named Spock another name from the movie. Low Oribital Ion Cannon (LOIC) window also displays a slogan from the movie, which confirms the theme of the ransomware to be inspired by star trek movies.
How it works
The ransomware is capable of encrypting about 625 file types and change the extension to “.kirked” after encryption (for example “abcd.png” is changed to “abcd.png.kirked”). If the malware has attacked your system, then a pop-up window appears and a text file (“RANSOM_NOTE.txt”) is created and placed on the desktop. It also creates a “pwd” file which contains password in encrypted format for the specific user. Encryption type AES and RSA are the two encryption algorithms used by the kirk ransomware to encrypt your files.
The crypto virus is written in python programming language and claims to be a network stress tool called “Low Orbital Ion Cannon”. The method of delivery is not certain but spam emails and email attachments are being used. It can also deliver its payload on file on social media websites and networks for file sharing.
So far Ransomware is the most successful malware attack in the cybercrime landscape. There is no alternative once the attackers have encrypted the file except for victim to pay for the ransom demanded. Kirk Ransomware uses a time-based payment model where by a message regarding payment is displayed:
Prices:
Days : Monero : Offer Expires
0-2 : 50 : 03/18/17 15:32:14
3-7 : 100 : 03/23/17 15:32:14
8-14 : 200 : 03/30/17 15:32:14
15-30 : 500 : 04/15/17 15:32:14
Note: In 31 days your password decryption key gets permanently deleted. You then have no way to ever retrieve your files. So, pay now.
The value of Monero, at the time of writing, is $22.68795927. Clearly the most basic amount as a ransom will be around $1100. The interesting thing is after 31 days the files are permanently encrypted making them inaccessible forever.
Solution
The best way to avoid such a situation is not to let the virus infect your system or the network because once the attack has occurred the only way out is paying the ransom or restore the system from backup (which is not usually a path taken).
Using state-of-art cyber security measures is an imperative to a more secure and continued workflow. Logix Infosecurity provides latest cyber security measures to be placed to avoid such damages caused by increasing cyber-attacks. Data leakage protection is another important aspect in these attacks where sensitive information can be leaked if not held for ransom. Logix provides intelligent tools to keep everything digital under check and protection to help keep your company safe.
