Credit: Reuters/Mario Anzuoni

While you may want to live long and prosper, you don’t want to be “kirked”—an extension added to files encrypted by the new Star Trek-themed Kirk ransomware.

Kirk ransomware, which was discovered by Avast malware researcher Jakub Kroustek, doesn’t want the ransom to be paid in bitcoin. Bleeping Computer said it “may be the first ransomware to utilize Monero as the ransom payment of choice.”

It is not known how the ransomware is being distributed, but researchers know that Kirk ransomware masquerades as the Low Orbital Ion Cannon network stress tool; LOIC was once favored for denial of service attacks. The fake version sports the LOIC slogan, “When harpoons, air strikes and nukes fail,” and claims to be initializing once executed.

In reality, once executed, the ransomware generates an AES password that is encrypted with an RSA-4096 public encryption key, scans the C drive to encrypt specific extensions, and adds “.kirked” to the encrypted file name. The ransom note displayed shows an ASCII art image of Spock and Captain James T. Kirk—the pictures are of the original Spock (Leonard Nimoy) and Kirk (William Shatner)—followed by: “Oh no! The Kirk ransomware has encrypted your files!”

Kirk ransomware, which was written in Python, currently targets 625 file types. The ransom note lists many popular file extensions, followed by: “There are an additional 441 file extensions that are targeted. They are mostly to do with games.” Some people might opt to pay to unlock their pictures, movies, music and Office documents, but Solitaire? When viewing the full list of targeted extensions via Bleeping Computer, you can see that the ransomware even targets the extension used by Microsoft Spider Solitaire.

Victims who bow to the extortion and intend to pay the ransom are told to send 50 Monero to a Monero wallet. The value of Monero at the time of writing is $23.50595522, so the ransom is about $1,175.
The ransom note says the time of infection was logged and payments received after 48 hours from the “time of infection will be charged double”—so roughly $2,350. The ransom price after 8-14 days is 200 Monero, or about $4,700. It’s 500 Monero 15-30 days after infection, or about $11,750. On day 31, the password decryption key is deleted.

Spock to the rescue

Once the ransom payment is made, victims will allegedly receive their “decrypted password file and program called Spock.” The ransom note says to run Spock to decrypt all files encrypted with Kirk ransomware.

As of right now, there are no known victims of the ransomware. Therefore, Bleeping Computer noted that researchers have yet to see a sample of the Spock decryptor and believe that “at this time the ransomware does not look like it can be decrypted;” researchers often try to release ransomware decryptors so victims have options other than pay or lose everything not backed up.

Once it is circulating in the wild and infecting victims, Bleeping Computer’s Lawrence Abrams noted:

“If you plan on paying the ransom for the Kirk Ransomware, you must not delete the pwd file as it contains an encrypted version of your decryption key. Only the ransomware developer can decrypt this file and if a victim wishes to pay the ransom they will be required to send them this file.”
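For responders, the two indicators named above (the “.kirked” suffix and the pwd file) can be inventoried without modifying anything on disk. The following Python script is an added example, not code from the article, Bleeping Computer or Avast; searching the whole tree for a file named pwd is an assumption, since the article does not say where that file is written.

```python
import hashlib
import os
from collections import Counter

KIRK_SUFFIX = ".kirked"   # extension the article says is appended to encrypted files
KEY_FILE_NAME = "pwd"     # file the article says holds the encrypted decryption key


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(root):
    """Read-only inventory of Kirk artifacts under root.

    Returns the encrypted files found, a tally of their original extensions,
    and every file named 'pwd' (assumed location: anywhere under root) with
    its SHA-256 so a preserved copy can later be shown to be unchanged.
    """
    encrypted, by_extension, key_files = [], Counter(), {}
    for folder, _subdirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if name.lower().endswith(KIRK_SUFFIX):
                original = name[: -len(KIRK_SUFFIX)]  # e.g. report.docx
                ext = os.path.splitext(original)[1].lower() or "(none)"
                encrypted.append(path)
                by_extension[ext] += 1
            elif name.lower() == KEY_FILE_NAME:
                key_files[path] = sha256_of(path)
    return {"encrypted": sorted(encrypted),
            "by_extension": dict(by_extension),
            "key_files": key_files}


if __name__ == "__main__":
    import sys
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(report['encrypted'])} files carry the {KIRK_SUFFIX} suffix")
    for ext, count in sorted(report["by_extension"].items()):
        print(f"  {ext}: {count}")
    for path, digest in report["key_files"].items():
        print(f"preserve, do not delete: {path} sha256={digest}")
```

The per-extension tally shows which kinds of data were hit, which helps decide what to restore from backup first.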