memory scraping attack

ou "pervasive memory scraping"

Memory scraping malware goes after encrypted private information

"Simply put, pervasive memory scraping is used by attackers who have gained administrative privileges to successfully get hold of personally identifiable information (PII) and other sensitive data held encrypted in a file system (...). Evidence of this attack is coming up again and again in data-breach cases, he said.(...)

Although data encryption is widely regarded as good protection for sensitive data — and may be required under regulations — attackers are probing the chinks in encryption's armor to steal it. That's done by taking advantage of the fact that to be processed, data has to be unencrypted, and attackers "go into memory and grab the crypto key" and start "fetching the PII itself from memory."