Threat Management, Malware, Phishing, Ransomware

Locky is coming: Ransomware campaign uses Game of Thrones-themed scripting variables


A Lannister always pays his debts. And you, too, may have to pay up if you become infected with Locky ransomware, delivered in an email distribution campaign that uses Game of Thrones references in its scripting variables.

In a company blog post on Friday, PhishMe intelligence analyst Victor Cornell describes recently discovered Locky threat campaign, noting that the Visual Basic script delivered by the phishing email operation pays homage to the hit HBO fantasy drama, based on George R. R. Martin's series of novels A Song of Ice and Fire.

"Lightweight script applications designed to deliver malware often use rotating or pseudorandom variable names to ensure that the malware delivery tools look unique. In this case, many of the variables (some misspelled) referred to characters and events from GoT," Cornell writes.

References spotted among the variables include "Throne," "Jon Snow," "SansaStark," "Aria," "RobertBaration" (a misspelling of Robert Baratheon), and "HoldtheDoor."

“Phishing attacks are distinctive on the global threat landscape as an attack methodology that seeks to exploit the proclivities and behaviors of the people within an organization. It is only fitting that phishing threat actors would reveal their own tendencies and preferences as humans too," Cornell continues. "Humanizing the attacker serves as an important portion of assessing... the risk and intent of that attacker during the response process."

No word yet if victims have to pay the ransom in Gold Dragon Coins instead of bitcoin.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.