Chucky is released again in movie theaters. Horror is a lucrative genre if you are a creative writer.  Which is fake Chucky, Us or the Loch Ness Monster? Spoiler alert is announced. Fans of  mythology would have said Chucky is fake, and fans of horror could have said the Loch Ness monster is fake.  Fans of William Friedkin might not justify Jordan Peele’s Us as visceral horror.   Peele delivers horror in human forms.  Exit signs and apples are symbolic in Us. Why are exit signs red? Chucky is a monster toy or toy monster?  Chucky originally debuted in Child’s Play in 1988.  Loch Ness Monster has plagued children memories since 1933, and the monster was first reported by Londoner George Spicer. Are we to believe this reporter after all? Us made its movie theater debut three day ago.  Us demonstrates the epic battle between good and evil that has plagued horror for decades.  The series of blogs jars at Rayome’s worst top ten ransomware attacks of 2017.  The top three scariest ransomware, according to Rayome, are WannaCry, NotPetya and Locky. This is the second blog in the series. Locky has merit to be frightening because of its mode of operation.  Hasherezade refers to Locky’s mode of operation as mature infrastructure.   Horror has a mode of operation as well.  Horror bends, folds and morphs the human condition.  Horror has delivery (e.g., toy, human and maze).  Ransomware has delivery (e.g., human, phishing and macros).  Ransomware has destruction.  Horror has destruction.  What is ransomware?  Ransomware is a malicious software that limits user’s access  to some data until a paid ransom. Locky launched in  2016 and was delivered in exploit kits and malspam. What is a malspam? According to Brockmyer, Manager of IT Information Security at Intel Corporation, malspam is a combination of malware and spam.  Locky had been aided by Neutrino, RIG and Nuclear exploit kits, which were effective methods in distributing malware.  These exploit kits and others (i.e., Angler and Magnitude) have reduced in intensity due to the capture of cyber gangs, better defense and social engineering according to Spring.  Social engineering is infectious and rabid. Social engineering manipulates users in performing actions that extract information, commit fraud, gain unauthorized access and twist relationships.   Social engineering attacks has been disastrous and costly.  Chris Allen reports on a costly social engineering attack in 2013.  In this attack,  a larger number of Target customer’s financial data were stolen, and the company lost $162 million in fees.  The number of customers affected had risen to 110M.  The attack had two simultaneous moving parts-creepy. The first moving part caught Target’s HVAC vendor, Fazio Mechanical Services, sleeping. Sleep is kryptonite in many horror films.  Don’t fall asleep! The vendor was not actually sleeping; however, vendor succumbed to phishing email.   The second moving part scanned point-of-sales-terminals random access memory for transaction data, which is called PoS attack.  Other well-known social engineering attacks are Yahoo in 2016,  DNC in 2016, Sony in 2014, Department of Labor Watering Hole Attack in 2013 and RSA SecurID Cybersecurity Attack in 2011.  Health care, banking, utilities, shipping and media industries are soft targets of social engineering attacks. Although the occurrence happened in December 2018, Delaware Guidance Services for Children & Youth (DGS) paid a digital ransom to unlock encrypted servers.  Social engineering attacks are continuous, and horror movies are continuous.

^{Resources
Allen, C. “7 Most Famous Social Engineering Attacks In History, Be Prepared.” 27 September 2018, Phoenixnap.com, https//phoenixnap.com/blog/famous-social-engineering-attacks. Accessed 25 March 2019.
Brockmyer, D. “Malspam and Ransomeware”.  2016 October, Isaca.org, https//www.isaca.org/chapters7/Sacramento/Events/Documents/5%20-%20Dave%20-%20ENDNOTE%20-%20Malspam%20and%20Ramsomware%20(3).pdf. Accessed 24 March 2019.
“Child’s Play (franchise).” 24 March 2019, Wikipedia, The Free Encyclopedia, Wikipedia, The Free Encyclopedia. https//en.wikipedia.org/wiki/Child%27s_Play_(franchise). 22 March 2019.
GitHub Inc., https//github.com/vz-risk/VCDB/issues/13308. Accessed 25 March 2019.
Goedert, J. “Delaware Guidance pays ransom to get its records back.” 18 March 2019, Health Data Management, https//www.healthdatamanagement.com/news/delaware-guidance-pays-ransom-to-get-its-records-back?feed=00000152-0d65-df23-add6-5f655ec10000. Accessed 25 March 2019.
Hasherezade “Look Into Locky Ransomware.” 28 July 2016. Malwarebytes Labs, https//blog.malwarebytes.com/threat-analysis/2016/03/look-into-locky/. Accessed 24 March 2019.
“Loch Ness Monster.” 7 March 2019, Wikipedia, The Free Encyclopedia, Wikipedia, The Free Encyclopedia.  https//en.wikipedia.org/wiki/Loch_Ness_Monster. Accessed 23 March 2019.
Malwarebytes Labs “Ransom.Locky.” Malwarebytes Lab, https//blog.malwarebytes.com/detections/ransom-locky/. Accessed 24 March 2019.
New Jersey Cybersecurity & Communication Integration Cell “Exploit Kits.” New Jersey Cybersecurity & Communication Integration Cell, https//www.cyber.nj.gov/threat-profiles/exploit-kits/. 24 March 2019.
Rayome, Alison D. “The top 10 worst ransomware attacks of 2017, so far.” 31 October 2017, Tech Republic, https//www.techrepublic.com/article/the-top-10-worst-ransomware-attacks-of-2017-so-far/. Accessed 22 January 2019.
Spring, T. “Where Have All The Exploit Kits Gone.” 17 March 2017, Threatpost.com, https//threatpost.com/where-have-all-the-exploit-kits-gone/124241/. 24 March 2019.
s2art. Future overview. 24 March 2006. Flickr. https//www.flickr.com/photos/s2art/. Accessed 22 January 2019.}