Malware is a growing concern for many businesses. Upon infecting a device, it can steal or delete sensitive data, lock files or spread to other devices on the same network. While most forms of malware target hard drives, though, random access memory (RAM)-scraping malware uses a different approach: It targets RAM. What is RAM-scraping malware exactly, and how does it work?
The Basics of RAM-Scraping Malware
Also known simply as memory-scraping malware, RAM-scraping malware is a class of malicious software that’s designed to scan a device’s RAM. It can infect devices just like most other forms of malware. Rather than targeting a device’s hard drive, RAM-scraping malware targets the device’s RAM. It will scan the device’s RAM while “scraping” the temporarily stored data for malicious purposes.
How RAM-Scraping Malware Works
The purpose of RAM-scraping malware is to retrieve sensitive data from a device’s RAM. RAM, of course, consists of memory sticks that read and write temporary data. When a device becomes infected with RAM-scraping malware, its memory sticks will become compromised. The RAM-scraping malware will scan the device’s RAM while simultaneously capturing the stored data and transmitting it back to the hacker.
It’s important to note that RAM-scraping malware typically doesn’t target traditional desktop and laptop computers. Instead, it’s most common with point-of-sale (POS) systems. POS systems are retail transaction terminals that facilitate customer payments. They allow customers to make purchases at retail stores using a credit card or debit card. Because POS terminals are connected to the internet — and they contain RAM — they are oftentimes susceptible to RAM-scraping memory.
Because they are used to facilitate customer transactions, POS systems often contain payment information. They can contain credit card and debit card numbers as well as the names and addresses of the respective cardholders. With RAM-scraping malware, hackers can retrieve this data from the RAM of a POS system.
Tips to Protect Against RAM-Scraping Malware
If your business uses one or more POS systems, you should include safeguards to protect against RAM-scraping malware. Creating strong passwords can lower the risk of infection. POS systems require passwords. If a hacker knows the admin password to a POS system, he or she may be able to deploy RAM-scraping malware on it. Creating a strong password will protect the POS system from being breached, thus lowering the risk of a RAM-scraping malware infection.
You should also consider disabling remote access to all of your business’s POS systems. Remote access means that users located outside of your business’s network (e.g. elsewhere on the internet) can access a POS system by logging in to it. Small- and medium-sized businesses rarely need this feature. Assuming your business doesn’t need remote POS access, you should disable this feature.