Kirk Ransomware

Kirk Ransomware Description

The Kirk Ransomware is a file encoder Trojan that might be the work of a die-hard fan of the Star Trek universe. The Kirk Ransomware surfaced on security reports on March 16th, 2017 and the Trojan is rigged with many references to Gene Roddenberry' Star Trek science fiction franchise. The Kirk Ransomware may be spread among the Windows OS community via spam messages and corrupted text documents that act as installers for the threat. The Kirk Ransomware arrives on computers bundled with a Spock Decryptor and works in offline mode. The Kirk Ransomware generates a key file before it proceeds to encode data and obfuscates the encryption key by using the RSA-2048 cryptographic algorithm.

The Kirk Ransomware Does Not Include an Advanced AI and Uses Modern Day Encryption Standards

The Kirk Ransomware is a standalone project, but it shares similarities with the Karma Ransomware and needs the cooperation of the user to initiate the decryption process. As stated above, when the Kirk Ransomware is started for the first time it creates an object named 'PWD' that is your password. The Kirk Ransomware is a threat to a little more than six hundred data types, and the Trojan is ranked among threats such as the Smrss32 Ransomware and the Kasiski Ransomware. Enciphered objects can be recognized by the '.kirked' suffix placed after the original file extension. Thus, 'Saanen goat.pptx' is renamed to 'Saanen goat.pptx.kirked'—the file lacks a thumbnail and has a generic white icon associated with the files that are not unrecognized by the Windows OS. When the Kirk Ransomware is installed, it gains administrative privileges and might encipher data on network assigned storage that can be accessed by multiple users on the same local network.

The Kirk Ransomware is the First to Use Monero for the Payment Transaction

The Kirk Ransomware is written in the Python programming language and is the first encryption Trojan to use the Monero digital currency for the ransom payment. Users that were compromised by the Kirk Ransomware can find 'RANSOM_NOTE.txt' on their desktops that urges them to buy 50 Monero (1193 USD/1109 EUR), transfer the sum to a wallet address, and write an email to or The message to and is supposed to include your wallet address and computer name to receive the appropriate 'Spock Decryptor' and unlock the content on your disks. You should note that the price for 'Spock Decryptor' rises with the passing of time and a month later after the infection took place the price amounts to 500 Monero (11935 USD/11 096 EUR).

You Need a Backup Manager to Counter the Orbiting Kirk Ransomware

Unfortunately, the data corrupted by the Kirk Ransomware is undecipherable and paying may be the only option to recover data for some users. Cyber security researchers note that the best protection against threats like the Kirk Ransomware is to run a backup manager and make sure your backups are exported to a remote password-protected drive. The Kirk Ransomware is similar to the CryPy Ransomware and can be modified to include more features easily. Server administrators should consider the Kirk Ransomware a credible threat to systems under their management since it can run on Web servers as well. Regular computer users should remove the Kirk Ransomware with the help of a reliable anti-malware instrument. AV vendors may detect the files related to the Kirk Ransomware as:

  • Python/Filecoder.Kirk.A
  • Ransom.Kirk
  • Ransom_KIRK.A
  • TR/KirkRansom.A
  • Trojan ( 00506e781 )
  • Trojan-Ransom.Kirky
  • Trojan.Win32.Z.Agent.5756255[h]
  • Trojan/Win32.Ransom.C1864535
  • Trojan:Win32/Skeeyah.A!rfn

Infected with Kirk Ransomware? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Kirk Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 9 + 3 ?