Security researchers from ESET recently discovered a new cyber espionage campaign codenamed “Ramsay” which is designed to steal sensitive documents from air‑gapped networks. Ramsay can infect air-gapped computers, collect Word, PDF, and ZIP files in a hidden folder, and then exfiltrate them, researchers said.
An air-gap is a security measure to ensure computer networks are physically isolated from the rest of the company’s networks and from potentially unsecured networks like public internet.
“We initially found an instance of Ramsay in VirusTotal. That sample was uploaded from Japan and led us to the discovery of further components and versions of the framework, along with substantial evidence to conclude that this framework is at a developmental stage, with its delivery vectors still undergoing fine-tuning,” the researchers said in an official post.