- A Rapid7 researcher created a working proof of concept for CPU ransomware
- Such ransomware would persist on a device even after the hard disk is replaced
- The PoC will (most likely) never see the light of day
A security researcher has written ransomware code that infects the computer's CPU, making it invisible to almost every antivirus out there and making it persistent even when the victim removes and replaces the computer's hard disk.
This is according to The Register, which recently spoke with Christiaan Beek, a cybersecurity researcher at Rapid7, who claims to have created a proof of concept (PoC) for such ransomware.
Malware at the CPU level is not exactly arcane science. We have seen it in the past, with LoJax, CosmicStrand and other UEFI firmware rootkits. However, this is the first time that someone has successfully experimented with ransomware in this way.
CPU POC
Beek said he was inspired by a bug in AMD Zen processors that allowed threat actors to load malicious microcode and break encryption at the hardware level. This would have enabled them to change the behavior of the CPU as they saw fit.
Beek says that the leaked Conti chat logs from 2022 suggested that real cybercriminals discussed the same idea, but they have not yet arrived at a working solution. At least, not one that the cybersecurity community knows of.
“If they worked on it a few years ago, you can bet that some of them will be smart enough at some point and start making this stuff,” the researcher told the publication.
He also said that he will not release the code on the internet: “Of course we will not release that, but it is fascinating, right?”
Ransomware remains one of the biggest threats out there, costing companies of all sizes billions of dollars every year. A recent Veeam study, which collected insights from 1,300 CISOs, IT leaders and security professionals in North and South America, Europe and Australia, found that almost three-quarters of the companies were hit by ransomware last year.
By The Register