Kirk Ransomware
Posted: March 17, 2017
Threat Metric
The fields shown on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 9 |
| First Seen: | March 17, 2017 |
| Last Seen: | April 11, 2022 |
| OS(es) Affected: | Windows |
The Kirk Ransomware is a crypto-threat that appears to be distributed as a fake variant of Low Orbit Ion Cannon (LOIC), a free network-stressing tool that is sometimes used to perform denial-of-service attacks on individual clients. The peculiar thing about it is that LOIC is mostly used by wannabe hackers, which means that the crooks behind the Kirk Ransomware have opted to turn their own kind into their primary targets. The unlucky users who end up downloading and executing the fake version of LOIC may be in for dire consequences, since the Kirk Ransomware's attack is likely to leave most of their files encrypted. The sample of the Kirk Ransomware that malware researchers came across is able to encrypt over 600 different file types, guaranteeing that computers infected by the Kirk Ransomware will not have many usable files left on them.
A Star Trek Fan is Behind this File-Encryption Trojan
Every file that the Kirk Ransomware locks is also renamed by appending the '.kirked' extension to the end of its name (e.g. 'video.wmv' is renamed to 'video.wmv.kirked'). As for the ransom message, the Kirk Ransomware displays a new window titled 'Kirk' that contains a copy of the ransom note, as well as ASCII images of Kirk and Spock, two famous characters from the Star Trek TV series. In addition to the program window, the Kirk Ransomware also drops a text-based ransom message in the file 'RANSOM_NOTE.txt'. The presence of Spock may sound out of place at first, but this character is included because the ransom note states that the name of the decryption tool they provide is 'Spock.' However, it has not yet been validated whether the Spock tool exists, or whether the cyber crooks behind the Kirk Ransomware will restore the victim's files if the payment is completed successfully.
The ransom sum that the Kirk Ransomware's authors demand is not specified in the message, but there is another interesting piece of information: the Kirk Ransomware's operators demand that all payments be completed via Monero, a fairly new cryptocurrency that is not as popular as Bitcoin. The reasoning behind this decision is unknown, and malware researchers find it rather peculiar, since many people are still not aware of how to purchase Bitcoin despite that cryptocurrency's popularity, and it is likely that even fewer people know how to complete payments with Monero. Regardless of whether you know how to use Monero, you should keep in mind that sending money to the cyber crooks behind the Kirk Ransomware is not guaranteed to save your files. Although they promise to help all paying victims who send the 'pwd' file to either kirk.help@scryptmail.com or kirk.payments@scryptmail.com, they offer no guarantee that this will happen.
The recommended course of action if your files were locked by the Kirk Ransomware is to immediately run a reputable anti-malware tool to make sure that the crypto-threat's components have been permanently removed from your computer. However, due to the nature of ransomware attacks, anti-virus tools cannot help with the encrypted files, and users need to find an alternative method to recover them. Some ransomware families use flawed encryption that may be cracked, but unfortunately this is not the case with the Kirk Ransomware, and victims of this threat will not have access to a free decryption utility.
Technical Details
File System Modifications
The following files were created in the system:
File name: file.exe
Size: 5.75 MB (5756255 bytes)
MD5: 78117f7acc8b385e9b29fe711436d16d
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 11, 2022
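The indicators described above (the '.kirked' rename, the dropped 'RANSOM_NOTE.txt', and the file.exe MD5 listed under Technical Details) can be checked with a small triage scan. The following is an added example written for this page, not code from the original article or from any vendor tool; the directory it scans is constructed in memory, and the '.exe' in it is a placeholder whose hash is not expected to match.

```python
# Added example, not from the original page: a defender-side triage scan for the Kirk
# indicators described above ('.kirked' renames, dropped 'RANSOM_NOTE.txt', and the file.exe
# MD5 from Technical Details). The sample tree is constructed here; its .exe is a placeholder.
import hashlib
import os
import tempfile
from pathlib import Path

KIRK_EXTENSION = ".kirked"
RANSOM_NOTE = "RANSOM_NOTE.txt"
KNOWN_MD5 = {"78117f7acc8b385e9b29fe711436d16d"}  # file.exe hash listed on the page

def md5_of(path: Path) -> str:
    """Hash a file in chunks so a large executable need not fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_tree(root: Path) -> dict:
    """Walk a directory tree and collect the three indicator classes."""
    found = {"kirked": [], "ransom_notes": [], "hash_matches": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name.endswith(KIRK_EXTENSION):
                found["kirked"].append(p)
            elif name == RANSOM_NOTE:
                found["ransom_notes"].append(p)
            elif name.lower().endswith(".exe") and md5_of(p) in KNOWN_MD5:
                found["hash_matches"].append(p)
    return found

def build_sample_tree() -> Path:
    """Construct a throwaway tree that mimics an infected user profile (sample data)."""
    root = Path(tempfile.mkdtemp(prefix="kirk_demo_"))
    docs = root / "Documents"
    docs.mkdir()
    (docs / "video.wmv.kirked").write_bytes(b"\x00" * 64)     # renamed after encryption
    (docs / "report.docx.kirked").write_bytes(b"\x00" * 64)
    (docs / RANSOM_NOTE).write_text("constructed placeholder note")
    (root / "notes.txt").write_bytes(b"untouched file")        # not renamed, no hit
    (root / "loic.exe").write_bytes(b"constructed stand-in, not the real sample")
    return root

if __name__ == "__main__":
    for kind, paths in scan_tree(build_sample_tree()).items():
        print(f"{kind}: {[p.name for p in paths]}")
```

Point `scan_tree` at a real user profile to triage a suspected infection; a non-empty `kirked` or `ransom_notes` list is the signal even when the dropper has been deleted and no hash match remains.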