A word of caution for all you Game of Thrones fans, as your computer systems might get infected with Locky ransomware. The Locky ransomware is delivered via an email distribution campaign that uses Game of Thrones references in its scripting variables.
Victor Cornell an intelligence analyst with PhishMe on Friday mentions in a post about his recent Locky threat campaign discovery. His findings suggest the Visual Basic script delivered by the phishing email operation pays homage to the hit HBO fantasy drama Game of Thrones, based on George R. R. Martin’s series of novels A Song of Ice and Fire.
In the blog post, Victor Cornell writes –
Lightweight script applications designed to deliver malware often use rotating or pseudorandom variable names to ensure that the malware delivery tools look unique. In this case, many of the variables (some misspelled) referred to characters and events from GoT.
The references which he came across included variables like “Throne,” “Jon Snow,” “SansaStark,” “Aria,” “RobertBaration” (a misspelling of Robert Baratheon), and “HoldtheDoor.”
Cornell further said –
Phishing attacks are distinctive on the global threat landscape as an attack methodology that seeks to exploit the proclivities and behaviors of the people within an organization. It is only fitting that phishing threat actors would reveal their own tendencies and preferences as humans too. Humanizing the attacker serves as an important portion of assessing… the risk and intent of that attacker during the response process.”
Also Read: Top 5 Free Password Managers