- A Rapid7 researcher created a working proof of concept for CPU ransomware
- Such ransomware would persist on a device even after the hard drive had been replaced
- The PoC (probably) will never see daylight
A security researcher has written ransomware code that infects a computer's CPU, which makes it invisible to virtually all antivirus programs and lets it persist even when the victim removes and replaces the computer's hard drive.
This is according to The Register, which recently spoke with Christiaan Beek, a cybersecurity researcher at Rapid7, who claims to have created a proof of concept (PoC) for said ransomware.
Malware at the CPU level is not exactly arcane science. We have seen it in the past, with the likes of LoJax, CosmicStrand and other UEFI firmware rootkits. However, this is the first time someone has successfully experimented with ransomware in this way.
CPU POC
Beek said he was inspired by a bug in AMD Zen processors that allowed threat actors to load malicious microcode and break the encryption at the hardware level. This would have allowed them to modify the behavior of the CPU as they saw fit.
Beek says that leaked Conti chat logs from 2022 suggest that real cybercriminals were already discussing the same idea, but they have not yet reached a working solution. At least, not one that the cybersecurity community knows of.
“If they worked on that a few years ago, you can bet that some of them will become intelligent enough at some point and begin to create these things,” the researcher told the publication.
He also said that he will not release the code on the internet: “Of course, we will not launch that, but it is fascinating, right?”
Ransomware remains one of the greatest threats, with companies of all sizes losing billions of dollars each year. In fact, a recent study by Veeam, which gathered insights from 1,300 CISOs, IT leaders and security professionals in America, Europe and Australia, found that almost three quarters of the companies were affected by ransomware during the past year.
Via The Register