
New Ramsay malware can steal sensitive documents from air-gapped networks - mirciulica
https://www.zdnet.com/article/new-ramsay-malware-can-steal-sensitive-documents-from-air-gapped-networks/
======
MrEldritch
Perhaps I'm missing something, but ... this malware's initial infection vector
is via email. If your computer is connected to email, it cannot _possibly_ be
air-gapped, unless I'm severely misunderstanding what "air-gapped" means.

I assume that it's meant that the malware infects an internet-connected
computer, jumps to removable storage, and then hopefully that storage is
plugged into the target computer, possibly through multiple intermediate
infections? But the fact that viruses can spread via thumb drives is hardly
novel either.

And the kicker, of how you get the files _out_ of the air-gap, is also not
mentioned; "ESET says that during its research, it was not able to identify
any Ramsay exfiltration module just yet." I'm certainly aware of a number of
sexy proof-of-concept side-channel attacks that modulate things like fan noise
or graphics card activity or infrasound to try to exfiltrate data in a way
that an external agent could pick up, but there's no evidence that this
malware uses any of them; perhaps the hope is that another infected flash
drive gets plugged in with an exfiltration module, slurps up the data, and
then transmits it out when it's plugged back into a network-connected machine.

