Now this is a just a low blow. A new strain of ransomware called “Kirk” is in the wild. Unlike most strains, this one uses Monero instead of Bitcoin for payment. Once you do pay, it provides a decryptor called “Spock”. The bad news, it doesn’t look like the ransomware can actually do the decryption at this point, so they are effectively dragging poor Spock’s name through the mud. That’s just wrong! It does have a cool ASCI art ransom screen though
The good news? It looks like it’s being spread by passing itself along as a copy of LOIC (Low Orbit Ion Cannon), so if you aren’t dorking around with tools like that, you should be ok.
So help me, if they do something like this based on a Firefly theme, I’m going to hunt them down and smack them up side the melon by myself.
Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.
There is an effective removal guide for this ransomware strain already https://malwareless.com/kirk-ransomware-virus-remove/