Kirk Ransomware

Kirk Ransomware, or Kirk, is malware that encrypts files on an infected computer and demands payment for decryption in the cryptocurrency Monero. The ransomware was first discovered in 2017 by Avast researcher Jakub Kroustek.

Description
Kirk Ransomware is a trojan horse program that masquerades as Low Orbit Ion Cannon, an application used for stress testing and denial-of-service attacks. Once activated, Kirk Ransomware searches the infected computer's hard drive for files with certain filename extensions, and encrypts and renames them, adding  to the end of their filenames. When the encryption is finished, a window pops up, displaying an ASCII art image of Captain James T. Kirk and Spock from Star Trek: The Original Series, and informing the user that files have been "encrypted using military grade encryption." "SPOCK TO THE RESCUE!" the ransom note continues, and demands payment in order to receive a decryptor program named Spock. The ransom demanded is initially 50 Monero (worth about $1,175 as of March 2017); if not paid within 48 hours, the demand begins increasing, reaching 500 Monero after two weeks. If the ransom remains unpaid after 30 days, the decryption key is deleted, essentially rendering the encryption irreversible. The ransom note includes a spurious quotation from Spock ("Logic, motherfucker"), and ends with "LIVE LONG AND PROSPER".

Kirk Ransomware is the first known ransomware to demand payment in Monero; most other ransomware has demanded bitcoins. Monero has significantly greater privacy protection than bitcoin, making transactions much more difficult to trace.

A variant of Kirk Ransomware, named Lick Ransomware, was also discovered; it does not contain Star Trek references.