Kirk Ransomware

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Kirk Ransomware
Kirk ransomware.png
Part of the ransom note
Written inPython[1]

Kirk Ransomware, or Kirk,[2] is malware. It encrypts files on an infected computer and demands payment for decryption in the cryptocurrency Monero. The ransomware was first discovered in 2017, by Avast researcher Jakub Kroustek.[2][3]


Kirk Ransomware is a trojan horse program that masquerades as Low Orbit Ion Cannon, an application used for stress testing and denial-of-service attacks.[1] Once activated, Kirk Ransomware searches the infected computer's hard drive for files with certain filename extensions, and encrypts and renames them, adding .kirked to the end of their filenames. When the encryption is finished, a window pops up, displaying an ASCII art image of Captain James T. Kirk and Spock from Star Trek: The Original Series, and informing the user that files have been "encrypted using military grade encryption." "SPOCK TO THE RESCUE!" the ransom note continues, and demands payment in order to receive a decryptor program named Spock.[4][5] The ransom demanded is initially 50 Monero (worth about $1,175 as of March 2017);[6] if not paid within 48 hours, the demand begins increasing, reaching 500 Monero after two weeks. If the ransom remains unpaid after 30 days, the decryption key is deleted, essentially rendering the encryption irreversible.[6] The ransom note includes a spurious quotation from Spock ("Logic, motherfucker"), and ends with "LIVE LONG AND PROSPER".[1]

Kirk Ransomware is the first known ransomware to demand payment in Monero; most other ransomware has demanded bitcoins.[7] Monero has significantly greater privacy protection than bitcoin, making transactions much more difficult to trace.[2][8]

A variant of Kirk Ransomware, named Lick Ransomware, was also discovered; it does not contain Star Trek references.[9]


  1. ^ a b c "Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!". 2017-03-16. Retrieved 2020-01-04.
  2. ^ a b c Fields, Ziska (2018). Handbook of Research on Information and Cyber Security in the Fourth Industrial Revolution. IGI Global. p. 105. ISBN 978-1-5225-4764-8.
  3. ^ "Shameless crooks fling Star Trek-themed ransomware at world". The Register. 2017-03-17. Retrieved 2020-01-04.
  4. ^ Bremner, Bill (2017-03-24). "Spock will unlock Kirk ransomware – after you beam up a bunch of Monero". Sophos. Retrieved 2020-01-04.
  5. ^ "Kirk ransomware sports Star Trek-themed decryptor and little-known crypto-currency". 17 March 2017. Retrieved 2020-01-04.
  6. ^ a b Ms. Smith (19 March 2017). "Star Trek-themed Kirk ransomware discovered". CSO Online. Retrieved 2020-01-04.
  7. ^ "Kirk ransomware – A Star Trek Themed Ransomware that requests Monero payments". Cyber Defense Magazine. 22 March 2017. Retrieved 2020-01-04.
  8. ^ Hern, Alex (December 11, 2017). "Missed the bitcoin boom? Five more baffling cryptocurrencies to blow your savings on". The Guardian. Retrieved May 7, 2020.
  9. ^ "The Week in Ransomware – March 17th 2017 – Revenge, PetrWrap, and Captain Kirk". 2017-03-18. Retrieved 2020-01-04.