Star Trek Fan Creates "Kirk" Ransomware
Posted by: Timothy Weaver on 03/17/2017 01:34 PM
Well, it had to happen. Someone with a fetish for Star Trek has created a new ransomware family called "Kirk" and a decryption key called "Spock".
The ransomware also contains a reference to the Low Orbit Ion Cannon, which is a real network stress tool.
Kirk, written in Python, has not yet been found in the wild, but could become a real danger if released as there is no decryption key available.
Lawrence Abrams, Bleeping Computer's founder, also noted that this ransomware is demanding payment in Monero digital currency rather than the typical bitcoin.
Since it has not yet been found in the wild, the infection method is not known. But once it infects a system, it cloaks itself as a Low Orbit Ion Cannon stress tool and uses a fake Low Orbit Ion Cannon alert to confuse the victim. An AES password is then created and stored in the system. It is important not to delete this key, as it is necessary to decrypt the system.
A ransom demand is then created which asks for 50 Monero, or about $1,100, with the amount doubling every few days and topping out at 1,100 Monero after two weeks. If the ransom is not paid, the key will be deleted and the data will become irretrievable.
Abrams considers the biggest flaw to be the demand for payment in Monero.
"The problem is that this is only going to confuse victims even more. Even with Bitcoin becoming more accepted, it is still not easy to acquire them. By introducing a new cryptocurrency into the mix, victims are just going to become more confused and make paying ransoms even more difficult," Abrams wrote.
Source: SCMagazine
