Kirk Star Trek-themed ransomware disguises itself as a DDoS tool

Avast security researcher Jakub Kroustek has discovered a ransomware variant masquerading as a DDoS tool. The malicious software features a Star Trek theme and is the first ransomware to request payment in the Monero currency.

Although the ransomware does not appear to have claimed any victims yet, according to Bleeping Computer, the malware has some striking features. For example, this variant masquerades as a DDoS tool called ‘Low Orbit Ion Cannon’, or LOIC, which was used in the past to perform DDoS attacks. The main user of the tool was the Anonymous group, which instructed people on how to use it. It later turned out that LOIC revealed the identity of users who ran it on their computers as part of an attack.

In addition, the Kirk ransomware demands payment in the Monero cryptocurrency. Normally, bitcoin is the preferred means of payment for ransomware, but the developers of this variant chose otherwise. It is unclear why this option was chosen, because victims often already have difficulty making a payment via bitcoin, Bleeping Computer notes. Another notable element is that the ransomware states that it mostly encrypts files related to games. For example, the malware targets the wotreplay and unity3d file extensions.

The Star Trek theme is reflected in the ransomware in several ways. For example, encrypted files are given the file extension ‘kirked’, as a reference to the character Kirk. The decryption program bears the name ‘Spock’.
