The senior director of threat analytics at the cybersecurity company Rapid7 has developed a proof of concept for CPU ransomware that could attack current processors while evading all traditional detection methods.
Ransomware is, alongside phishing, the greatest threat in global cybersecurity: an attack that infects a personal computer, smartphone or any other electronic device in order to lock the device or encrypt part or all of its data, then demands a ransom to restore access. Especially worrying is the rise of ransomware against companies and organizations, with attacks that not only compromise the integrity of an organization's systems but also put its ability to operate at risk.
CPU ransomware
If most ransomware infections happen because a user opens a malicious application or file, the idea of an infection that hides directly in the central processing unit is extremely dangerous.
In an interview with The Register, Rapid7's senior director of threat analytics, Christiaan Beek, revealed that a flaw in AMD Zen chips gave him the idea that a highly skilled attacker could, in theory, “allow these intruders to load unapproved microcode into the processors, breaking encryption at the hardware level and modifying the behavior of the CPU at will”.
Normally only the chip manufacturer can supply valid microcode for its CPUs, which it uses to improve performance or correct faults; microcode updates are signed so that the processor rejects anyone else's. While it is difficult for third parties to work out how to write new microcode, it is not impossible, and in the case of the AMD flaw Google showed that it could inject microcode so that the chip always returned the number 4 when asked for a random number (the RDRAND instruction).
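The "4 forever" outcome Google demonstrated is visible from user space if one knows to look. The following C program is an added example, not code from Rapid7, Google or the article: it draws samples from a generator and flags the generator as stuck when every successful draw returns the same value, and on x86-64 it runs the same check against the real RDRAND instruction through inline assembly. The sample counts and the constructed stub generators (`gen_stuck_four`, `gen_counter`, `gen_never`) are assumptions for illustration.

```c
/* rdrand_sanity.c: flag a CPU whose RDRAND output is stuck on one value.
 * Added illustration, not Rapid7's, Google's or the article's code. The
 * constant-4 behaviour it looks for is the one the article attributes to
 * Google's microcode demo; sample counts and stub generators are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Generator callback: writes one 64-bit sample, returns 1 on success, 0 on failure. */
typedef int (*rng_fn)(uint64_t *out);

/* Draw n samples. Returns 1 ("stuck") if every successful draw produced the
 * same value, or if the generator never succeeded at all; returns 0 otherwise.
 * *seen receives the constant value (when stuck) or the first differing value
 * (when not), so a caller can report what the hardware actually returned. */
int rng_looks_stuck(rng_fn gen, size_t n, uint64_t *seen)
{
    size_t ok = 0;
    uint64_t first = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t v;
        if (!gen(&v))            /* hardware reported "no entropy available" */
            continue;
        if (ok == 0)
            first = v;
        else if (v != first) {
            if (seen) *seen = v;
            return 0;
        }
        ok++;
    }
    if (seen) *seen = first;
    return 1;
}

/* Constructed stub generators so the check can be exercised on any machine. */
int gen_stuck_four(uint64_t *out) { *out = 4; return 1; }            /* the demo's behaviour */
int gen_counter(uint64_t *out) { static uint64_t c; *out = c++; return 1; }
int gen_never(uint64_t *out) { (void)out; return 0; }                /* RDRAND with CF=0 every time */

#if defined(__x86_64__)
#include <cpuid.h>
/* Real RDRAND via inline asm; the carry flag set means a value was delivered. */
int gen_rdrand(uint64_t *out)
{
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=q"(ok) : : "cc");
    return ok;
}
/* CPUID leaf 1, ECX bit 30 advertises RDRAND support. */
int cpu_has_rdrand(void)
{
    unsigned int a, b, c, d;
    return __get_cpuid(1, &a, &b, &c, &d) && (c & bit_RDRND) != 0;
}
#endif

int main(void)
{
    uint64_t v = 0;
    printf("constructed stuck-at-4 generator: %s (value %llu)\n",
           rng_looks_stuck(gen_stuck_four, 64, &v) ? "STUCK" : "ok", (unsigned long long)v);
    printf("constructed counter generator:    %s\n",
           rng_looks_stuck(gen_counter, 64, &v) ? "STUCK" : "ok");
    printf("generator that never succeeds:    %s\n",
           rng_looks_stuck(gen_never, 16, &v) ? "STUCK" : "ok");
#if defined(__x86_64__)
    if (cpu_has_rdrand())
        printf("this CPU's RDRAND:                %s (last value 0x%llx)\n",
               rng_looks_stuck(gen_rdrand, 1024, &v) ? "STUCK" : "ok", (unsigned long long)v);
    else
        puts("this CPU does not advertise RDRAND");
#endif
    return 0;
}
```

A stuck RDRAND is evidence that something is badly wrong, but the check only catches the behaviour Google chose for its demo: a microcode implant that leaves RDRAND alone, or that biases it subtly instead of pinning it to one value, passes this test unchanged. Treat it as a cheap smoke test, not as detection of unauthorized microcode in general.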
Beek took that as the idea to pursue and wrote a proof of concept for ransomware running in the CPU, a dream for any cybercriminal. According to the researcher, it would be a terrifying scenario, because altering the microcode would evade all the traditional detection technologies available today.
Although the researcher will not publicly release this development, the risk, while low for now, is not merely theoretical: there are indications that criminals have been moving toward that objective since the first UEFI bootkits, which date from 2018. The most advanced of them, BlackLotus, is sold as a kit on hacking forums for $5,000 and stands out as the first known bootkit able to bypass Windows Secure Boot.
That makes it a major threat to the computing landscape, since it can evade security defenses even when they are enabled in the BIOS/UEFI. CPU ransomware would be a further step up: it would bypass Secure Boot and embed malware in the firmware, surviving operating-system reboots and, because it lives below the disk, reinstalls as well.
The researcher uses this proof of concept to send a message to the community and to ask for a focus on improving the foundations of cybersecurity. “We should not be talking about ransomware in 2025, and it is everyone's fault,” he says. “We are witnessing a lot of technological evolution; everyone talks about agents, AI, ML. And, being honest, we still have not laid the foundations.”
“As an industry, we dedicate a lot of time and money to innovation, but at the same time our cybersecurity does not improve,” he concludes.