May 17, 2020

Ramsay Malware Steals Sensitive Files from Air-Gapped Computers


Security researchers from ESET recently discovered a new cyber espionage campaign codenamed “Ramsay” which is designed to steal sensitive documents from air-gapped networks. Ramsay can infect air-gapped computers, collect Word, PDF, and ZIP files into a hidden folder, and then exfiltrate them, researchers said. An air gap is a security measure that physically isolates a computer network from the rest of the company’s networks and from potentially unsecured networks such as the public internet.
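The staging behaviour described above (document files gathered into a hidden folder before exfiltration) is something a defender can hunt for on an air-gapped host without any knowledge of the specific sample. The following Python script is an added example, not code from the article or from ESET: it walks a directory tree, looks for hidden directories (dot-prefixed, or carrying the Windows hidden attribute) that hold an unusual concentration of Word, PDF or ZIP files, and reports them. The folder name `.stage`, the threshold of five files and the sample file layout are assumptions constructed for the demonstration; Ramsay's real staging location is not given in the article.

```python
import os
import stat
import tempfile
from pathlib import Path

# File types the article says Ramsay stages for exfiltration.
STAGED_EXTS = {".doc", ".docx", ".pdf", ".zip"}


def is_hidden(path: Path) -> bool:
    """Hidden by dot-prefix (POSIX convention) or by the Windows hidden attribute."""
    if path.name.startswith("."):
        return True
    try:
        st = path.stat()
    except OSError:
        return False
    attrs = getattr(st, "st_file_attributes", 0)  # populated only on Windows
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def find_staging_dirs(root, min_files=5):
    """Return [(relative_dir, doc_count)] for every hidden directory that directly
    contains at least min_files files of the staged types. Paths are returned
    relative to root in POSIX form so results are stable across platforms."""
    root = Path(root)
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        if not is_hidden(d):
            continue
        count = sum(1 for f in filenames if Path(f).suffix.lower() in STAGED_EXTS)
        if count >= min_files:
            hits.append((d.relative_to(root).as_posix(), count))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample layout (not a real infection, assumed for the demo):
    one hidden folder stuffed with documents, one ordinary project folder that
    also holds many documents, and one hidden config folder with no documents."""
    base = Path(base)
    staging = base / "Users" / "alice" / "AppData" / ".stage"
    staging.mkdir(parents=True)
    for i in range(6):
        (staging / f"report{i}.docx").write_bytes(b"PK\x03\x04")  # docx is a zip container
    (staging / "budget.pdf").write_bytes(b"%PDF-1.4")

    project = base / "Users" / "alice" / "Documents" / "project"
    project.mkdir(parents=True)
    for i in range(6):
        (project / f"spec{i}.pdf").write_bytes(b"%PDF-1.4")  # visible folder: not flagged

    cfg = base / "Users" / "alice" / ".config"
    cfg.mkdir(parents=True)
    (cfg / "settings.ini").write_text("[app]\n")  # hidden but no documents: not flagged
    return base


def demo():
    """Build the constructed tree in a temp dir and run the hunt over it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_staging_dirs(tmp)


if __name__ == "__main__":
    for rel_dir, n in demo():
        print(f"hidden folder with {n} staged documents: {rel_dir}")
```

Only the hidden `.stage` folder is reported; the visible project folder holds just as many PDFs but is the expected location for them, and the hidden `.config` folder holds no documents. In practice the threshold and the set of extensions would be tuned to the host's normal usage, and a hit would be followed up by checking file timestamps (a burst of recently copied documents is the tell) rather than treated as a verdict on its own.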

“We initially found an instance of Ramsay in VirusTotal. That sample was uploaded from Japan and led us to the discovery of further components and versions of the framework, along with substantial evidence to conclude that this framework is at a developmental stage, with its delivery vectors still undergoing fine-tuning,” the researchers said in an official post.

Researchers stated that they found three different samples of the Ramsay malware: one discovered in September 2019 (Ramsay v1), and the other two in early and late March 2020 (Ramsay v2.a and v2.b).
