Now ransomware starts infecting Central Processing Units aka CPUs

by CybrGPT

For years, hackers have been relying on file-encrypting malware that targets storage devices, locking users out of their files and demanding a ransom in cryptocurrency for the decryption key. However, a more sophisticated form of malware has recently emerged, one that shifts its focus from storage drives to a much more critical component of computing: the Central Processing Unit (CPU).

This new breed of ransomware takes a different approach by infecting the CPU itself, the very “brain” of a server or computing device. What makes this particularly alarming is that even if the victim replaces key hardware components such as the hard drive, motherboard, or RAM, the malware will persist. It is embedded within the processor, making it much harder to remove and potentially leaving the system compromised even after major hardware changes.

This next-level malware was first reported by The Register, which uncovered details from Christiaan Beek, the Director of Security at Rapid7. Beek revealed that he was inspired by the discovery of a bug in AMD’s Zen processor architecture. This bug, initially discovered by researchers, was later analyzed by Google’s Threat Intelligence team, which speculated that it could be exploited to manipulate a processor’s microcode. Microcode is small, low-level code that controls how a CPU operates, and any malicious change to it can potentially compromise the entire system.
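For defenders, a first step against microcode tampering is knowing which microcode revision each processor reports. The following is an added example, not code from the article or from Rapid7: it parses text in the layout of Linux's `/proc/cpuinfo` on x86 and compares the `microcode` field of every logical CPU with an expected revision. The sample text and the baseline revision are constructed values.

```python
import re

# Constructed sample in the /proc/cpuinfo layout (x86 Linux); values are illustrative.
SAMPLE_CPUINFO = """\
processor   : 0
vendor_id   : AuthenticAMD
cpu family  : 25
model       : 33
stepping    : 2
microcode   : 0xa201210

processor   : 1
vendor_id   : AuthenticAMD
cpu family  : 25
model       : 33
stepping    : 2
microcode   : 0xa201205
"""
# Hypothetical baseline: (vendor, family, model, stepping) -> approved revision.
BASELINE = {("AuthenticAMD", "25", "33", "2"): 0xA201210}

def parse_cpuinfo(text):
    """Return one dict of fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            cpus.append(fields)
    return cpus

def audit_microcode(text, baseline):
    """Return (cpu_number, finding) for every CPU that deviates from the baseline."""
    findings = []
    for cpu in parse_cpuinfo(text):
        sig = tuple(cpu.get(k) for k in ("vendor_id", "cpu family", "model", "stepping"))
        n, raw = int(cpu["processor"]), cpu.get("microcode")
        if raw is None:
            findings.append((n, "no microcode field reported"))
            continue
        rev, expected = int(raw, 16), baseline.get(sig)
        if expected is None:
            findings.append((n, f"no baseline for {sig}, running {rev:#x}"))
        elif rev != expected:
            findings.append((n, f"revision {rev:#x} differs from baseline {expected:#x}"))
    return findings
```

The revision is reported by the processor itself, so this check catches unexpected or inconsistent revisions across a fleet rather than proving that the loaded microcode is genuine.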

While tampering with processor microcode is still technically challenging, it’s not entirely beyond the realm of possibility. Malware such as UEFI (Unified Extensible Firmware Interface) firmware-based rootkits and a particularly dangerous threat known as CosmicStrand have already been found targeting CPUs, demonstrating that this type of attack is not merely theoretical. UEFI rootkits are especially concerning because they reside deep within the system’s firmware and are difficult for traditional antivirus programs to detect, making them a persistent threat.

Mr. Beek further revealed that development of these advanced malware techniques began as early as 2022. This information came from a series of leaked chats among Russian ransomware operators, in which a specialized hacking group was discussed. This group was reportedly working on creating a UEFI firmware-based malware solution that would evade detection by antivirus tools, allowing them to maintain stealth while executing their attacks.

This marks a significant evolution in the tactics used by cybercriminals. Traditionally, ransomware attacks focused on file encryption, targeting files and data that could be easily held hostage for a ransom payment. However, by shifting their focus to the heart of the system—the CPU—these hackers are making it increasingly difficult for victims to defend themselves. Even if hardware is replaced, the malicious code could persist, potentially leading to long-term system compromise.

As cybersecurity professionals continue to track these emerging threats, it’s clear that the battle against cybercrime is becoming more complex. The development of CPU-targeting malware signals a troubling new phase in ransomware attacks, one that requires new methods of detection, prevention, and response.


© 2025 cybrgpt.com – All rights reserved.