- A Rapid7 researcher created a working proof of concept for CPU ransomware
- Such ransomware would persist on a device even after replacing the hard drive
- The POC will (most likely) never see the light of day
A security researcher wrote ransomware code that infects the computer's processor, which makes it invisible to almost all antivirus programs and keeps it persistent even when the victim removes and replaces the computer's hard drive.
That is according to The Register, which recently spoke with Christiaan Beek, a cybersecurity researcher at Rapid7, who claims to have created a proof of concept (POC) for such ransomware.
Malicious software at the CPU level is not exactly unheard of. We have seen it in the past, with LoJax, CosmicStrand and other UEFI firmware malware. However, this is the first time that someone has successfully played with ransomware this way.
CPU POC
Beek said he was inspired by a bug in AMD Zen processors which allowed threat actors to load malicious microcode and break encryption at the hardware level. This would have enabled them to modify the behavior of the CPU as they see fit.
Beek says that the 2022 Conti leaked chat logs suggested that real cybercriminals had discussed the same idea before, but had not yet arrived at a working solution. At least, not that the cybersecurity community knows of.
“If they worked on it a few years ago, you can bet that some of them will become smart enough at some point and start creating this kind of thing,” the researcher told the publication.
He also said that he will not release the code on the Internet: “Of course, we will not publish this, but it’s fascinating, right?”
Ransomware remains one of the biggest threats out there, with companies of all sizes losing billions of dollars each year. In fact, a recent Veeam study, which gathered insights from 1,300 CISOs, IT leaders and security professionals across the Americas, Europe and Australia, revealed that almost three-quarters of companies were affected by ransomware during the past year.
Via The Register