Ramsay Malware
Cybersecurity specialists have identified a new piece of malware called Ramsay, or the Ramsay Malware. What sets this threat apart is that it appears to serve a very specific purpose: it scans the infected computer's hard drive for ZIP, PDF, and Word files and then copies their contents to a hidden folder, where they stay until the malware manages to exfiltrate them. It also does not feature a traditional exfiltration module that would use the Internet to upload the collected files to a Command and Control server. Instead, it appears to target air-gapped networks and attempts to collect files from them by looking for an alternative way to transfer them to the attacker.
Cybersecurity experts have not been able to pinpoint the exact method used to do this, but the malware likely relies on removable storage devices for this part of the attack. It was probably brought to air-gapped systems the same way, since it includes a module that copies its executable to removable storage devices connected to the infected system.
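The two behaviours described above, staging documents in a hidden folder and copying an executable to removable storage, can be combined into one detection rule. The Python below is an added example, not code from the original analysis; the event schema, process names, paths and threshold are constructed assumptions.

```python
import ntpath
from collections import defaultdict

DOC_EXTS = {".zip", ".pdf", ".doc", ".docx"}  # file types the article names
EXE_EXTS = {".exe"}        # assumption: the copied executable keeps an .exe name
STAGING_THRESHOLD = 3      # assumption: tune to the environment

def ev(proc, src, dst, hidden=False, removable=False):
    """Build one constructed file-copy event (hypothetical schema)."""
    return {"proc": proc, "src": src, "dst": dst,
            "dst_hidden": hidden, "dst_removable": removable}

# Constructed sample telemetry; process names and paths are made up.
SAMPLE_EVENTS = [
    ev("updater.exe", r"C:\Users\a\Documents\plan.docx", r"C:\ProgramData\cache\0001.tmp", hidden=True),
    ev("updater.exe", r"C:\Users\a\Documents\specs.pdf", r"C:\ProgramData\cache\0002.tmp", hidden=True),
    ev("updater.exe", r"C:\Users\a\Desktop\src.zip", r"C:\ProgramData\cache\0003.tmp", hidden=True),
    ev("updater.exe", r"C:\ProgramData\cache\updater.exe", r"E:\updater.exe", removable=True),
    ev("backup.exe", r"C:\Users\a\Documents\plan.docx", r"D:\Backup\plan.docx"),
    ev("backup.exe", r"C:\Users\a\Documents\specs.pdf", r"D:\Backup\specs.pdf"),
    ev("explorer.exe", r"C:\Users\a\Downloads\setup.exe", r"E:\setup.exe", removable=True),
]

def _ext(path):
    return ntpath.splitext(path.lower())[1]

def analyze(events, threshold=STAGING_THRESHOLD):
    """Return {process: set of tags} for the two behaviours described above."""
    staged = defaultdict(set)   # (process, hidden folder) -> distinct source files
    findings = defaultdict(set)
    for e in events:
        # Match on the source extension, so a renamed staged copy still counts.
        if e["dst_hidden"] and _ext(e["src"]) in DOC_EXTS:
            staged[(e["proc"], ntpath.dirname(e["dst"]).lower())].add(e["src"].lower())
        if e["dst_removable"] and _ext(e["dst"]) in EXE_EXTS:
            findings[e["proc"]].add("removable-exe")
    for (proc, _folder), files in staged.items():
        if len(files) >= threshold:
            findings[proc].add("staging")
    return dict(findings)

def high_confidence(findings):
    """Processes showing both behaviours; either signal alone is often benign."""
    return sorted(p for p, tags in findings.items()
                  if tags == {"staging", "removable-exe"})

if __name__ == "__main__":
    result = analyze(SAMPLE_EVENTS)
    print(result, high_confidence(result))
```

Either signal on its own also matches ordinary activity, such as a user copying an installer to a USB drive, so the rule escalates only when one process shows both.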
The Ramsay Malware Might Be One of the Few Threats to Target Air-Gapped Systems
Air-gapped computers are considered the most difficult type of system to penetrate because they are excluded from the company's ordinary network and are not connected to the Internet. This means that bringing any files to them or collecting any files from them requires a lot of effort and probably luck.
According to the cybersecurity specialists who discovered and analyzed the Ramsay Malware sample, it appeared to share a lot of similarities with an old piece of malware used by DarkHotel, a South Korean cybercrime organization. However, it is still premature to tell whether these hackers have anything to do with the development and usage of the Ramsay Malware.
Cybercriminals are always looking for ways to improve their attacks and access content that should be impossible to view – the Ramsay Malware is the latest proof of this, and it will be interesting to see if this malware manages to accomplish its purpose eventually.