RAM Scraping

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
1. Random Access Memory (RAM) is a hardware device found in a computer that allows storage and retrieval of information. Various sorts of organizational information can be found in the employees’ computers. RAM scraping refers to the deployment of malware that is specifically designed to monitor and extract targeted data from physical memory.

Notes (1): This tool allows cyber criminals to bypass on-disk or network-based encryption.

Related Term: Malware








(Source: Business Continuity Management Institute - BCM Institute)

 

A Manager’s Guide to Business Continuity Management for Cybersecurity Incident Response

2. RAM scraping involves malware designed to monitor and extract specific, targeted data from physical memory. Our analysis of this type of malware indicates that threat actors customize their tools to work in specific environments, such as on application-specific POS servers and terminals. Typical threat actors include those seeking financial gain, such as organized criminal networks, as well as independent hacking groups.
Source: (Verizon, 2016)

3. RAM scraping is an evolution of traditional data theft tools designed to bypass on-disk or network-based encryption. By accessing credit card information immediately after a card swipe, while it is still in memory, a RAM scraper is able to collect the data in plain text, prior to any encryption.
Source: (Verizon, 2017)