The problem with this kind of attack is that, as the name implies, it does not rely on files being copied to the infected computer’s hard drive. Instead, commands are injected into the computer’s RAM and run from there.
This has one very important drawback, and one equally important advantage.
Any time hackers leave files behind, it creates a kind of digital footprint, which can, given time, be traced back to them.
Hackers don’t like getting caught, so the chief advantage of a RAM-based attack is that it leaves almost no forensic evidence, and certainly nothing that can be traced back to any given point of origin.
Having said that, there’s that drawback to consider.
Since the malware exists only in the machine’s RAM, simply rebooting the infected computer will get rid of it. That’s a really easy fix, so you might be wondering why the hackers would bother.
The answer is simply that some computers almost never get rebooted.
Take, for example, the computers that run ATMs. This is, in fact, exactly what the hackers have been doing. By wresting control of a computer that controls the machine that spits out the money, hackers have literally created a ready-made cash cow.
Unfortunately, there’s no good way to tell how long this has been occurring. It could be that it just started a month ago, or it may be the case that back in 2014 when Kaspersky Labs first identified the attack, it had already been in place for some time. There’s just no way to know.
One thing is certain, though. Banks aren’t safe, and neither is your money.