CPU-level ransomware is possible, and it’s terrifying

Malware is a thing you just have to be aware of. But it’s pretty rare that it can actually damage your computer in a permanent sense — wipe the drive if you’re okay with losing local data, and you can generally get up and running in a day or two. But what if the microcode running on your CPU’s tiny integrated memory becomes infected? One security researcher says he’s done it.

Christiaan Beek of Rapid7 says he has created a proof-of-concept ransomware that can hide inside a CPU’s microcode, building on previous work that emerged when Google required AMD processors to always return “4” when asked for a random number. He claims that modifying UEFI firmware can install an unsigned update to the processor, slipping past any kind of conventional antivirus or OS-based security.

In a statement given to The Register, Beek says that Rapid7 won’t release the tool. However, the implications of this possibility are significant. If your computer’s CPU was infected to that degree, it would technically be possible to recover with official tools from Intel, AMD, et cetera. But it would be so involved, and your system would be so fully compromised, that you might as well just pull a Ron Swanson and yeet that thing.

Malware that can bypass the encryption in UEFI firmware is already known, though it’s a lot more complex and involved than your typical dodgy download. CPU-level ransomware has not been seen “in the wild,” and it seems likely that when and if it emerges, it’ll be a state-level actor that exploits it first. That means your typical user probably won’t be targeted, at least immediately.

Still, maybe keep a remote backup of your important files, just in case.