A new strain of ransomware named Kirk has been observed and analyzed by researchers. Kirk Ransomware targets 625 file types for encryption, and like most ransomware, it then demands payment from the victim to decrypt those files. But despite the similarities, Kirk isn't your standard ransomware.
As of this writing, it remains unclear how Kirk is being distributed. It is known that Kirk disguises itself as the Low Orbital Ion Cannon, which is an open source network stress tool (or DDoS attack tool, depending on your intentions). Kirk Ransomware executable is named ‘loic_win32.exe,' and when executed, it will generate an AES password that will be used for encryption. The AES key will then be encrypted and saved in a file called ‘pwd,' which is saved in the same directory as ‘loic_win32.exe.' When Kirk has finished encrypting the targeted files it finds on the local drive, it will create ‘Ransom_Note.txt' in the same directory.
Kirk is the first strain of ransomware to require payment using Monero, which is an open source cryptocurrency that was launched a couple of years ago. It's unknown why the Kirk team decided to use Monero rather than Bitcoin, which is more familiar to the public. Monero is known for being anonymous and untraceable, and is widely considered to be “the dark net's cryptocurrency of choice.” Researchers have expressed concern that the use of Monero may create a point of confusion for victims unfamiliar with cryptocurrency. The criminals must think that confusion is worth it in exchange for the hyper-anonymity offered by Monero.
There is currently no decryptor for Kirk, save for the “Spock” decryptor that the Kirk criminals will provide upon payment. For technical details and screenshots, see the Bleeping Computer research here.
As with all ransomware, the best defense involves preventing the infection and protecting data that may be targeted. Barracuda has a handful of resources to help you follow best practices and align our solutions with your needs.
Christine Barry ist Senior Chief Blogger und Social Media Manager bei Barracuda. In dieser Rolle hilft sie, Barracuda-Geschichten zum Leben zu erwecken und die Kommunikation zwischen der Öffentlichkeit und den internen Barracuda-Teams zu erleichtern. Bevor sie zu Barracuda kam, war Christine über 15 Jahre lang als Außendiensttechnikerin und Projektmanagerin für K12- und KMU-Kunden tätig. Sie hat mehrere Abschlüsse in Technologie, einen Bachelor of Arts und einen Master of Business Administration. Sie ist Absolventin der University of Michigan.
Vernetzen Sie sich hier auf LinkedIn mit Christine.