Kirk Ransomware

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Kirk Ransomware
Kirk ransomware.png
The ransomware's demand image
Point of origin2017
Written inEnglish

Kirk Ransomware, or Kirk,[1] is a ransomware malware originated in 2017. The ransomware is installed as a Trojan horse which locks the infected computer's files and demands payment in the Monero cryptocurrency.[1]


When Kirk Ransomware is activated, a message box pops up purporting to start a "Low Orbital Ion Cannon" on the computer.[2] In the meantime, all files with common file extensions on the computer get encrypted with .kirked as an additional file extension at the end. The ransom note then pops up with an ASCII art image of Captain James T. Kirk and Spock from Star Trek: The Original Series claiming that Kirk ransomware had encrypted the computer with a demand for 50 Monero (approximately $1,100) for the "Spock decryptor".[3][4] The ransomware uses Star Trek references during its instructions as well with the quote "Logic, motherfucker" used by Spock (without the swear word) and ending the ransom demand with "live long and prosper".[2] The price doubles after 48 hours of non-payment then doubles each week that passes until after 31 days, the decryptor is deleted.[5] A similar style ransomware was later released called "Lick Ransomware" that behaves the same as Kirk Ransomware except the encrypted file extension is changed to .licked and the Star Trek references are removed.[6]


Kirk Ransomware was first discovered by the Avast researcher Jakub Kroustek.[7] Some ransomware experts argued that in the Kirk ransomware being the first ransomware using Monero,[8] it is an upgrade on the bitcoin cryptocurrency usually requested in ransomware demands as Monero is untraceable as it does not use a blockchain.[1][9]


  1. ^ a b c Fields, Ziska (2018). Handbook of Research on Information and Cyber Security in the Fourth Industrial Revolution. IGI Global. p. 105. ISBN 1522547649.
  2. ^ a b "Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!". 2017-03-16. Retrieved 2020-01-04.
  3. ^ Bremner, Bill (2017-03-24). "Spock will unlock Kirk ransomware – after you beam up a bunch of Monero". Sophos. Retrieved 2020-01-04.
  4. ^ "Kirk ransomware sports Star Trek-themed decryptor and little-known crypto-currency". Retrieved 2020-01-04.
  5. ^ Ms. Smith. "Star Trek-themed Kirk ransomware discovered". CSO Online. Retrieved 2020-01-04.
  6. ^ "The Week in Ransomware - March 17th 2017 - Revenge, PetrWrap, and Captain Kirk". 2017-03-18. Retrieved 2020-01-04.
  7. ^ "Shameless crooks fling Star Trek-themed ransomware at world". The Register. 2017-03-17. Retrieved 2020-01-04.
  8. ^ "Kirk ransomware – A Star Trek Themed Ransomware that requests Monero payments". Cyber Defense Magazine. Retrieved 2020-01-04.
  9. ^ Riley, Duncan (2017-03-22). "New Star Trek-themed attack goes where no ransomware has gone before". Silicon Angle. Retrieved 2020-01-04.