UPDATED 00:00 EDT / MARCH 22 2017

New Star Trek-themed attack goes where no ransomware has gone before

A new Star Trek-themed malware variant has gone where no ransomware has gone before by demanding a ransom payment in Monero, an up-and-coming cryptocurrency that competes with bitcoin.

The “Kirk” ransomware, first discovered by Avast Software s.r.o. malware researcher Jakub Kroustek, is being distributed under the guise of a legitimate “Low Orbit Ion Cannon” tool used for testing a website’s capacity to deal with traffic load.

Appearing on a victim’s computer as “loic_win32.exe,” the Kirk ransomware generates an AES key, encrypts the victim’s files with it, then encrypts that Advanced Encryption Standard key with an RSA-4096 public key and stores the result in a file simply labeled “pwd.”

Captain Kirk and Mr. Spock then appear on screen along with a ransom demand that starts at 50 Monero ($1,066) if the ransom is paid within two days and rises to 500 Monero ($10,660) if it is paid after 15 days.

And because Star Trek fans can never have enough, once the ransom is paid users receive a decryptor named “Spock.”

There is currently no easy way to remove the Kirk ransomware, meaning it may well live long and prosper. But Lawrence Abrams at Bleeping Computer noted that it is important for users without a data backup to hold onto the pwd file:

“If you plan on paying the ransom for the Kirk Ransomware, you must not delete the pwd file as it contains an encrypted version of your decryption key. Only the ransomware developer can decrypt this file and if a victim wishes to pay the ransom they will be required to send them this file.”
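To make concrete why the pwd file matters, here is an added example (not code from the article, Avast or Bleeping Computer) of the scheme described above, written in Go with only the standard library: wrapKey produces the equivalent of pwd, and the AES key, and with it every encrypted file, comes back only through unwrapKey with the matching RSA private key, which the victim never has. The OAEP padding, the AES-GCM file mode and all function names are assumptions; the article only says an AES key and an RSA-4096 public key are used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// wrapKey models the "pwd" file: the AES key encrypted under the operator's RSA public key (OAEP is an assumption).
func wrapKey(pub *rsa.PublicKey, aesKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
}
// unwrapKey needs the RSA private key only the operator holds: "pwd" is opaque to the victim yet is the only way back to the AES key.
func unwrapKey(priv *rsa.PrivateKey, pwd []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, pwd, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealData stands in for the per-file step (AES-GCM with nonce || ciphertext is an assumption; the article names no mode).
func sealData(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openData is the recovery step, possible only once unwrapKey has succeeded.
func openData(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("sealed data too short")
}
```

A wrong private key fails to unwrap, and a truncated or tampered sealed file fails to open, which is why a victim without a backup has nothing to recover once pwd is gone.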

Monero, the cryptocurrency demanded by the Kirk ransomware, is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralization and scalability. It differs from other cryptocurrencies in that it doesn’t use the blockchain. Instead, it runs on the CryptoNote protocol, which in theory makes it entirely private. With bitcoin, transactions can be traced across the digitally distributed blockchain ledger.

Image: Bleeping Computer
