
Ransomware Can Now Infect Your Processor
A cybersecurity expert has revealed that ransomware can now be installed directly onto a computer’s CPU, bypassing nearly all traditional forms of protection.
In a rush? Here are the quick facts:
- Ransomware can now run directly from CPU microcode, bypassing all defenses.
- Expert Christiaan Beek developed a working proof-of-concept.
- Industry focus on AI overlooks core cybersecurity hygiene.
Christiaan Beek, a senior threat analyst at Rapid7, demonstrated a proof-of-concept (PoC) that hides ransomware in a chip’s microcode—the low-level code that controls processor behavior, as first reported by The Register.
The idea came from a serious vulnerability in AMD’s Zen processors, first uncovered by Google researchers. The flaw allowed attackers to replace the CPU’s random number generator with malicious code that always selects the number 4, as reported by The Register.
“Coming from a background in firmware security, I was like, woah, I think I can write some CPU ransomware,” Beek told The Register. Beek stated that he tested this method himself, and it worked.
Although Beek has no intention of releasing the code, he described the breakthrough as “fascinating.” He warned that once ransomware reaches the CPU level or firmware, it can completely bypass antivirus software, firewalls, and other standard security tools.
The Register notes that this type of threat isn’t just theoretical. Criminals have already been developing similar techniques. Leaked 2022 chat logs from the Conti ransomware gang revealed developers were working on ransomware that infects UEFI firmware—software that loads before the operating system.
One quote read: “If we modify the UEFI firmware, we can trigger encryption before the OS loads. No AV can detect this,” as reported by TechSpot.
Beek criticized the industry’s focus on trendy tech like AI and machine learning while basic security flaws go unaddressed. “We should not be talking about ransomware in 2025—and that fault falls on everyone,” he said to The Register.
“It’s a high-risk vulnerability, or a weak password, or we haven’t deployed multi-factor authentication. That is frustrating,” he added.
His message to companies is clear: focus less on buzzwords and more on cybersecurity basics. Otherwise, the threats will only get worse.