Ramsay Malware

By GoldSparrow in Malware

The Ramsay Malware is a newly detected threat with a precise objective: it targets work-related files. When the Ramsay Malware infiltrates a targeted system, it scans for Microsoft Word files, as well as .ZIP and .PDF files. The contents of the targeted files are copied to a concealed folder, where they are kept until further notice.

Usually, data collection works by locating the targeted files on the compromised system and then transferring them to the attacker's server over the HTTP or FTP protocol. This threat, however, does not support this feature, which likely means that it does not depend on a working Internet connection to move the files off the compromised system. In addition, the fact that samples of the malware were found on air-gapped computers may mean that the attackers are well aware that their threatening application will not get to use the Internet to perform its evil deeds.

Malware researchers have yet to uncover how this is achieved. Some speculate that removable storage devices may be at play in the Ramsay Malware campaigns. Air-gapped systems, like the ones targeted by the Ramsay Malware, are very difficult to infiltrate, as they are purposefully separated from a company's main network to boost their security. Compromising an air-gapped system requires a lot of know-how and dedication.
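Because the collected files sit in a concealed folder rather than crossing the network, the host itself is where a defender can look for this behavior. The following Python example is an addition to this page, not code from the original article or from any analysis of Ramsay: it flags hidden directories that hold byte-identical copies of Word, ZIP or PDF files found elsewhere in the same tree. The function names, the `min_copies` threshold and the assumption that staged copies are stored unmodified are illustrative; the page does not say how the malware stores what it collects.

```python
import hashlib
import os
import stat
import tempfile

# Leading bytes of the file types the article names: legacy Word (OLE2),
# ZIP (also .docx) and PDF. Staged copies may be renamed, so match content.
MAGIC = {b"\xd0\xcf\x11\xe0": "doc", b"PK\x03\x04": "zip/docx", b"%PDF": "pdf"}

def is_hidden(path):
    """Dot-prefixed name (POSIX) or the hidden attribute (Windows)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return os.path.basename(path).startswith(".") or bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def doc_digest(path):
    """SHA-256 of a file if it starts with a targeted magic value, else None."""
    with open(path, "rb") as fh:
        data = fh.read()
    return hashlib.sha256(data).hexdigest() if data[:4] in MAGIC else None

def find_staging_dirs(root, min_copies=2):
    """Hidden dirs under root -> documents in them that duplicate visible ones."""
    hidden_dirs, visible, staged = set(), set(), []
    for dirpath, _, filenames in os.walk(root):  # top-down: parents come first
        if dirpath != root and (os.path.dirname(dirpath) in hidden_dirs or is_hidden(dirpath)):
            hidden_dirs.add(dirpath)
        for name in filenames:
            path = os.path.join(dirpath, name)
            digest = doc_digest(path)
            if digest and dirpath in hidden_dirs:
                staged.append((dirpath, path, digest))
            elif digest:
                visible.add(digest)
    hits = {}
    for dirpath, path, digest in staged:
        if digest in visible:  # same bytes also exist in a visible location
            hits.setdefault(dirpath, []).append(path)
    return {d: sorted(p) for d, p in hits.items() if len(p) >= min_copies}

def demo():
    """Constructed sample tree: two documents plus renamed copies in a hidden folder."""
    root = tempfile.mkdtemp()
    docs, cache = os.path.join(root, "Documents"), os.path.join(root, ".cache")
    samples = {"report.pdf": b"%PDF-1.4 constructed", "plan.doc": b"\xd0\xcf\x11\xe0 constructed"}
    for i, (name, body) in enumerate(samples.items()):
        for target in (os.path.join(docs, name), os.path.join(cache, f"{i}.tmp")):
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(body)
    return root, find_staging_dirs(root)
```

A hit is a lead for triage, not a verdict: backup and sync tools also keep document copies in hidden folders, and a collector that compresses or encrypts what it stages would not match on content hashes.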

After studying the Ramsay Malware, cybersecurity analysts found some striking similarities between this threat and an outdated hacking tool that belongs to the South Korean DarkHotel cybercrime group. However, it is not clear whether the Ramsay Malware belongs to the DarkHotel hacking group or whether this is nothing more than a coincidence.

The Ramsay Malware is an intriguing threat that shows considerable potential. It is quite possible that we will see more activity from the Ramsay Malware in the future.
