by MrEldritch
2232 days ago
Perhaps I'm missing something, but ... this malware's initial infection vector is via email. If your computer is connected to email, it cannot possibly be air-gapped, unless I'm severely misunderstanding what "air-gapped" means. I assume that it's meant that the malware infects an internet-connected computer, jumps to removable storage, and then hopefully that storage is plugged into the target computer, possibly through multiple intermediate infections? But the fact that viruses can spread via thumbdrives is hardly novel either. And the kicker, of how you get the files out of the air-gap, is also not mentioned; "ESET says that during its research, it was not able to identify any Ramsay exfiltration module just yet." I'm certainly aware of a number of sexy proof-of-concept side-channel attacks that modulate things like fan noise or graphics card activity or infrasound to try and exfiltrate data in a way that an external agent could pick up, but there's no evidence that this malware uses any of them; perhaps the hope is that another infected flash drive gets plugged in with an exfiltration module, slurps up the data, and then transmits it out when it's plugged back into a network-connected machine.