Kirk Ransomware

Posted: March 17, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 24
First Seen: March 17, 2017
OS(es) Affected: Windows


The Kirk Ransomware is a crypto-threat that appears to be distributed as a fake variant of Low Orbit Ion Cannon (LOIC), a free network-stressing tool that might sometimes be used to perform a denial of service attack on individual clients. The peculiar thing about it is that LOIC is a tool used mostly by wannabe hackers, which means that the crooks behind the Kirk Ransomware have opted to turn their own people into their primary targets. The unlucky users who end up downloading and executing the fake version of LOIC may be in for some dire consequences, since the Kirk Ransomware's attack is likely to leave most of their files encrypted. The sample of the Kirk Ransomware that malware researchers came across is able to encrypt over 600 different types of files, so computers infected by the Kirk Ransomware will not have many usable files left on them.

A Star Trek Fan is Behind this File-Encryption Trojan

Every file that the Kirk Ransomware locks will also be renamed by appending the '.kirked' extension to the end of its name (e.g. 'video.wmv' will be renamed to 'video.wmv.kirked'). As for the ransom message that this threat uses, the Kirk Ransomware will display a new window titled 'Kirk' that contains a copy of the ransom note, as well as ASCII images of Kirk and Spock – two famous characters from the Star Trek TV series. In addition to the program window, the Kirk Ransomware also drops a text-based ransom message in the file 'RANSOM_NOTE.txt'. The presence of Spock may seem out of place, but this character is included because the ransom note states that the name of the decryption tool the attackers provide is 'Spock.' However, it has not yet been validated whether the Spock tool exists and whether the cyber crooks behind the Kirk Ransomware will restore the victim's files if the payment is completed successfully.

The ransom sum that the Kirk Ransomware's authors demand is not specified in the message, but there's another interesting piece of information regarding this – the Kirk Ransomware's operators demand that all payments be completed via Monero, a fairly new crypto-currency that is not as popular as Bitcoin. The reasoning behind this decision is unknown, and malware researchers find it rather peculiar, since many people are still not aware of how to purchase Bitcoin despite the cryptocurrency's popularity, and it is likely that even fewer people will know how to complete payments with Monero. Regardless of whether you know how to use Monero, you should keep in mind that sending money to the cyber crooks behind the Kirk Ransomware is not guaranteed to save your files. Although they promise to help all paying victims who send the 'pwd' file to either kirk.help@scryptmail.com or kirk.payments@scryptmail.com, they don't offer any guarantee that this will happen.

The recommended course of action if your files were locked by the Kirk Ransomware is to immediately run a reputable anti-malware tool that will help you make sure that the crypto-threat's components have been removed permanently from your computer. However, due to the nature of ransomware attacks, anti-virus tools are unable to help with the encrypted files, and users need to find an alternative method to recover them. Some ransomware families use a flawed encryption that may be cracked but, unfortunately, this is not the case with the Kirk Ransomware, and victims of this threat will not have access to a free decryption utility.

Technical Details

File System Modifications

The following files were created in the system:

File name: file.exe
Size: 5.75 MB (5756255 bytes)
MD5: 78117f7acc8b385e9b29fe711436d16d
Detection count: 4
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
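
A triage sketch built on the indicators this page lists (the '.kirked' extension, the 'RANSOM_NOTE.txt' note, and the MD5 and size given for file.exe). It is an added example, not code from the original page; the function names and the report layout are assumptions.

```python
import hashlib
import os

# Indicators taken from this page; names and report layout are illustrative.
KIRK_EXTENSION = ".kirked"
KIRK_NOTE_NAME = "RANSOM_NOTE.txt"
KIRK_SAMPLE_MD5 = "78117f7acc8b385e9b29fe711436d16d"
KIRK_SAMPLE_SIZE = 5756255  # bytes


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_for_kirk(root, sample_md5=KIRK_SAMPLE_MD5, sample_size=KIRK_SAMPLE_SIZE):
    """Walk `root` and collect file-system traces of the Kirk Ransomware."""
    report = {"encrypted": [], "notes": [], "samples": [], "unreadable": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lowered = name.lower()
            if lowered.endswith(KIRK_EXTENSION):
                # Keep the name the file had before '.kirked' was appended.
                report["encrypted"].append((path, name[: -len(KIRK_EXTENSION)]))
            elif lowered == KIRK_NOTE_NAME.lower():
                report["notes"].append(path)
            else:
                try:
                    # Size pre-filter: only hash files as large as the sample.
                    if os.path.getsize(path) != sample_size:
                        continue
                    if md5_of(path) == sample_md5:
                        report["samples"].append(path)
                except OSError:
                    report["unreadable"].append(path)
    return report


if __name__ == "__main__":
    import sys
    result = scan_for_kirk(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, hits in result.items():
        print(f"{kind}: {len(hits)}")
```

The list of original names in `encrypted` is useful for deciding which files to restore from backup, since the page states that no free decryption utility is available.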