A security researcher has created proof-of-concept ransomware that can bypass virtually all antivirus programs by altering a CPU’s microcode. This means that even if you replace hardware components such as the motherboard, RAM and storage, or format your PC, the ransomware will still be able to run.
According to The Register, Christiaan Beek, the security director of the cybersecurity firm Rapid7, said he was inspired by the recently discovered AMD Zen chip bug that could allow threat actors to load unapproved microcode into the processor. Beek claims that the proof-of-concept ransomware loads the malicious microcode at the hardware level. He goes on to say that this is the worst-case scenario, and that “ransomware at the CPU level, microcode alteration, and if you are in the CPU or the firmware, you will bypass every freaking traditional technology we have out there.”
CPU microcode is mostly modified by manufacturers like AMD and Intel to optimise performance or fix bugs, and it is usually hard for threat actors to write new microcode for the processor themselves.
However, earlier this year, researchers from Google demonstrated that it wasn’t impossible to do so. While the chance of your CPU being infected with ransomware is pretty slim right now, and we have already seen CPU-level malware like CosmicStrand and UEFI firmware-based rootkits, this is the first time someone has managed to create ransomware that infects hardware.
Beek said that back in 2022, when a Russian ransomware gang’s chats were leaked online, they showed that a cybercriminal was working on proof-of-concept ransomware that infects the UEFI firmware, meaning it would be invisible to the majority of antivirus solutions. However, it looks like they were unsuccessful.
In the last few years, ransomware has emerged as one of the most dangerous online threats, with organisations of all sizes losing billions every year.
© IE Online Media Services Pvt Ltd