Cyber-espionage malware has been discovered that is capable of collecting and exfiltrating documents from within air-gapped networks. The malware, dubbed Ramsay, is still under active development. The toolkit shares many artifacts with Retro, a backdoor associated with DarkHotel, a notorious APT group that has previously targeted government entities in China and Japan. Researchers have found three different samples of the toolkit, each adding new features. Ramsay does not have a network-based command-and-control (C2) communication protocol.
Source: https://threatpost.com/ramsay-malware-air-gapped-networks/155695/