Ransomware That Secretly Infiltrates the Processor: 'Formatting Is Not the Solution'
Rapid7 expert Christiaan Beek has developed a proof-of-concept ransomware that can remain active even after the operating system is reinstalled, by exploiting a critical vulnerability in AMD's Zen architecture. This new generation of malware, which handles encryption at the hardware level, can bypass traditional security measures and is causing great concern in the cybersecurity world.
Ransomware moves to hardware level
The world's first CPU-level ransomware has emerged. Developed by Rapid7's director of threat analytics, Christiaan Beek, the proof-of-concept malware exploits a vulnerability discovered in AMD's Zen architecture that allows attackers to load unauthorized microcode onto processors.
Unsigned microcode loading made possible
Google security researchers previously identified a vulnerability that allowed unsigned microcode patches to be loaded into AMD Zen 1 through Zen 4 processors. It was later discovered that the Zen 5 series was affected as well. Beek used these vulnerabilities to develop a prototype ransomware that operates at the hardware level and performs its encryption operations from there.
It remains effective even after the operating system is reinstalled
The software developed by Beek keeps working even if the system is formatted, because it runs directly at the microcode level of the processor rather than in the operating system. Although it is stated that the code will not be made public, the fact that such software has been developed shows that similar attacks could be carried out by others.
Ransomware schemes inside UEFI exposed
In his analysis, Beek also referred to chat logs belonging to the Conti ransomware gang, which were leaked in 2022. In these logs, gang members discussed embedding ransomware in UEFI so that the system would remain encrypted even if Windows was reinstalled.
Hardware security comes to the fore
Christiaan Beek states that, in light of this development, hardware security should be at the center of cyber defense strategies. According to him, unless the vulnerabilities at the CPU and firmware level are closed, strong passwords and software-level solutions will be insufficient.
Source: CUMHA - CUMHURS NEWS AGENCY