Ramsay

Ramsay is a sophisticated malware that was discovered by researchers at ESET in 2020. This malicious software is designed to infiltrate and exploit air-gapped networks, which are typically isolated from other networks for security reasons. Once it has infected a system, Ramsay can collect and exfiltrate sensitive documents, even operating within these secure, disconnected environments. The collected files are then compressed using a WinRAR instance that the Ramsay Installer drops. The impact of Ramsay became evident when Ramsay Health Care, Australia's largest private hospital owner, experienced significant disruption to its phone services across its 70 hospitals and clinics. The company confirmed via Facebook that the outage was due to a national issue with Optus telecommunications. During this period, they advised patients and staff to contact their local Ramsay hospital through the contact form on each hospital's website. The outage also affected other health institutions like Northern Health district in Melbourne, which reported that all phone lines into its hospital campuses had been impacted. The discovery of Ramsay underscores the growing threat posed by cyber-espionage activities, particularly those targeting critical infrastructure such as healthcare. Despite the sophistication of air-gapped networks, Ramsay demonstrates that these systems are not immune to infiltration. As such, organizations must continue to invest in robust cybersecurity measures, including regular system updates, employee education, and advanced threat detection tools, to protect against such sophisticated attacks.