UEFI Ransomware Is So Last Year, Now It’s CPU Ransomware We Need To Worry About



Your CPU’s Microcode May Be The Next Target

The discovery of UEFI ransomware in the ecosystem ruined a lot of people’s happiness. The ability to infect your motherboard’s UEFI is an utter nightmare, as the malware not only loads every time your system boots up, it also exists in a place no traditional antivirus software can touch. If you are unlucky enough to be the target of this type of ransomware, your only choice is to toss out your motherboard and get a new one; currently there is no effective way to remove that type of malware.

If that wasn’t bad enough, a researcher at Rapid7 named Christiaan Beek has designed a proof-of-concept process to infect your CPU with ransomware. This builds off of the bug Google discovered in Milan-family Epyc server chips and Phoenix-family Ryzen 9 desktop CPUs, which accepted Google’s malformed microcode, ensuring that any time the CPU was asked to provide a random number, it always chose the number 4.

This new research is even worse, and is able to use a microcode update to load ransomware into a CPU. The details of this proof-of-concept attack are being kept secret, for obvious reasons, so we aren’t aware of which CPUs might be vulnerable to this attack. It does show that our belief that modified CPU microcode updates will be rejected is misplaced, and it offers yet another way to persistently infect a system with no way to detect the ransomware, let alone remove it.

To make it even worse, while motherboard prices have certainly increased, they are still generally less expensive than the new CPU you would have to buy to get rid of this new type of malware.


