Ransomware is already a horrible blight on the tech world. These insidious programs are designed specifically to hold your computer and its data hostage. Criminal hackers and the like will then use this to extort money or further information from the victims. Of course, security protections against things like ransomware are always being worked on, but that's because ransomware also continues to develop in more complex and terrifying ways.
Some of the latest developments in ransomware center on the microcode found in CPUs. This is the code just one step up from the hardware that tells the processor how to function and order its tasks. Ideally, microcode shouldn't be touched, let alone altered, by anyone other than the manufacturer, but in recent days we're seeing that this isn't the case anymore.
Recently we saw a BIOS exploit reveal the potential for editing AMD's microcode in some of its older CPUs. Now, inspired by these kinds of developments, security researcher and Rapid7 analyst Christiaan Beek has come up with a way to hijack microcode updates and use them to install ransomware onto your central processor.
"Coming from a background in firmware security, I was like, woah, I think I can write some CPU ransomware," Beek told The Register.
And apparently Beek has done just that. While for the good of everyone they're not planning to release the ransomware to the public, Beek claims to have successfully created ransomware that hides in a CPU. "Of course, we won't release that, but it's fascinating, right?" says Beek.
"Ransomware at the CPU level, microcode alteration, and if you are in the CPU or the firmware, you will bypass every freaking traditional technology we have out there."
The thing with ransomware installed directly into the microcode of a CPU is that it bypasses most aspects of the security we already have set up. In previous examples like the AMD exploit you'd also have to have access to the machine, but of course Beek is keeping tight-lipped on those details.
He seems rightly more worried that we are still even having to deal with things like ransomware in the capacity that we do. As most cybersecurity folk will tell you, our cyber hygiene is pretty disgusting, and most problems are caused by user error or inaction.
"We should not be talking about ransomware in 2025 — and that fault falls on everyone: the vendors, the end users, cyber insurers," says Beek. "Twelve years later, we're still fighting the battle," he added. "While we're still seeing a lot of technological evolution, everybody's shouting agentic, AI, ML. And if we're bloody honest, we still haven't fixed our foundations."