A security researcher at Avast has discovered a new strain of ransomware. The Kirk Ransomware is written in Python and may be the first ransomware to use Monero as its ransom payment method of choice. Engin Kirda, Co-Founder at Lastline, comments below.
Engin Kirda, Co-Founder at Lastline:
“Ransomware, such as the Kirk malware, by its very nature, tips its hand with characteristics that make it predictable and recognizable. The most obvious is that all ransomware has, and will always have, a ransom note—and therein lies its Achilles’ heel. Unlike other forms of malware, ransomware always contains this one very distinguishable and easily detectable component. It must inform the victim of the attack, and provide instructions for paying the ransom. Security controls benefit from this and other predictable behaviours. Advanced malware protection tools can readily and accurately detect these activities as malicious and part of a ransom plot before files are frozen and ransoms demanded.”