You may end up finding yourself amid the Dothrakis, unsullied, and three fully grown dragons if you fail to pay up. But, if you are a Lannister, who always pays his debts you may find yourself in a better proposition to handle the Locky ransomware. And even the other who haven’t understood the Game of Thrones references in the above lines, you must be beware of the Locky, a new ransomware that has been doing sporadic rounds. These are delivered in the email distributed campaign and even use Game of Thrones, a hit HBO fantasy series based on the novels my George RR Martin, A Song of Fire and Ice, references in its scripts.
In a blog spot, titled, “A Song of Ice and Ransomware: Game of Thrones References in Locky Phishing,” author Victor Cornell elaborated the Locky threat campaign, suggesting that the visual basic script of the phishing emails pays a tribute to Game of Thrones.
Variable names found in this VB script has characters of the TV series like Aria, SansaStark, RobertBaration, JohnSnow, or HoldTheDoor (aka Hodor).
“Lightweight script applications designed to deliver malware often use rotating or pseudorandom variable names to ensure that the malware delivery tools look unique. In this case, many of the variables (some misspelt) referred to characters and events from the globally-popular television fantasy epic Game of Thrones,” writes Victor Cornell, “Looking at this script offers some insight into what pop culture elements have influenced the threat actors. Like everyone else in modern society, they have interests and preferences, favorite music, movies, and television shows. The attackers allowed this to show through their selection of variable names.”
“The runtime for this script is indifferent to the variable names. The variable names could be anything, including completely random combinations of letters and numbers. However, the criminals responsible for this attack chose a distinctive theme for their variables, thereby revealing their interest in this pop culture phenomenon,” he notes.