Warning for ransomware beyond the processor attacking and traditional defenses – computers
Ransomware attacks can cause devastating consequences for companies and victims, preventing access to their equipment and data if the ransom is not paid. But it is possible to enter This type of attack in the hardware level, especially in processors, in the new era that skip most traditional monitoring systems.
The concept test was submitted by the Rapid 7 cyber security expert Christian Beak, leaving the threats to lock the systems up to the amount requested in the rescue. In an interview RegisterA. The idea came from the bug found in the AMD Zen chips, which allows the intruders to take the informal microcode directly into processorsBreaking crypt in the hardware level and editing the behavior of CPU.
The thing is, only chip manufacturers can only correct their processors microcodes when they need to improve their performance. Cyber security expert believes that any hacker is difficult to know how to rewrite Microcode, but not impossible, at least in the case of AMD bug. Google shows that the chip has always shown that the chip can always inject the microcode to select the 4th number when asked a random digit.
Christian Beak wrote a code that works as a concept for Ransomware that he followed this and that he could attack CPUTo alert future threats, it does not publish or disclose. In the wrong hands, this code can escape any detection technology available.
This is not the first time there are warnings that hackers suggest hardware tools. In November 2024, ESET Was alerted For the first UEFI Bootkit (the harmful program that affects the computer’s initial process) to the Linux, but the records are from 2018. These harmful systems are capable of introducing malware directly into the hardware components’s firmware and therefore the system can get out of the reboot.
Oh The expert alleges that the technology industry is focusing on AI and AI agents, but the foundations are not yet repaired. He said he was looking at vulnerable cases that could lead to Ransomware, although weak passwords were unable to activate the multifator or not activated the incorrect authentication systems. With that, it warns the industry about the time and money of investing in innovation, but not the so -called “cyberhigin”.
