Humaniq

Kirk Ransomware Demands a Monero Payment Instead of Bitcoin

It is not uncommon for researchers to come across new types of ransomware on a regular basis. Criminals will continue to use malware as their primary way of infecting computers and infiltrating enterprise networks. Kirk, a Star Trek-themed ransomware strain, is the latest discovery in a growing list of malware. However, it is the first crypto-ransomware to demand a Monero payment, rather than bitcoin.

The First Monero Ransomware Strain is Here

Considering how Monero is referred to as the new favorable currency for darknet transactions, it was only a matter of time until criminals would start to pay attention. By developing a new type of ransomware that only accepts Monero payments, cyber criminals are stepping up their game once again. Unfortunately, this does not bode well for Monero’s public image, although it will not cause irreparable damage either.

Kirk, as this new malware strain is called, is clearly inspired by the ever-popular Star Trek series. It is not unusual for criminals to theme malware after certain ideals or ideas. Not too long ago, a ransomware family by the name of Satan was uncovered, which we talked about in a different article. Naming a new creation after one of the most iconic figures in all of science fiction is not all that different in this regard.

Once the ransomware infects a computer, it will encrypt all files on the hard drive. A message is displayed asking victims to pay a certain amount of money in the form of Monero, with helpful links redirecting users to exchanges facilitating the purchase of this particular cryptocurrency. If this trend becomes more popular, companies may start stockpiling Monero instead of bitcoin to fight off future cyber attacks.

Unfortunately for victims of this malware, paying the Monero ransom is not the best course of action. While the criminals will send a decryptor – going by the name of Spock – to the victim, the tool will not actively restore access to computer files by any means. It is unclear if this is done on purpose or just a sign of the developers being incapable of producing proper decryption software for their own creation. Ransomware-as-a-service has become a popular service, requiring little to no coding knowledge whatsoever.

Thankfully, it seems the Kirk ransomware has very little chance of infecting large amounts of users. For the time being, this malware is distributed as a copy of Low Orbit Ion Cannon, a tool only used by select people. Anyone else who is not messing around with similar tools should be safe from Kirk, although that situation may change at any given time. Malware is often distributed by making it appear to be legitimate software or cracked versions of popular programs.

Although there are no official victims of the Kirk ransomware yet, that doesn’t mean this threat should be ignored. it is possible this is just a small tool to test the waters, before exposing the whole world to Monero ransomware. Right now, the criminals are demanding a 50 XMR ransom, although that value will be increased as the anonymity-oriented cryptocurrency gains more traction.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.