Ransomware has long been a serious threat to computer users, locking down data and demanding payment to restore access. A new and unsettling development has emerged: ransomware delivered as a modified CPU microcode patch, so that the malicious code runs inside the processor itself. Code at that level sits below the operating system, the hypervisor and every endpoint agent, which makes it far harder to detect and stop with conventional tools.
Microcode is the processor's internal firmware layer: vendor-supplied code that implements, and can patch, how the CPU executes its machine instructions. Manufacturers ship microcode updates as signed blobs so that only they can produce them, and the BIOS/UEFI firmware or the operating system loads the update into the CPU at every boot. One practical consequence is that a microcode patch lives in volatile memory inside the CPU and must be reapplied after each power cycle, so an attacker who wants it to persist also needs control of whatever loads it at boot. Recent research has nonetheless shown that the vendor's signature check can be bypassed on some processors, opening the door to new types of attacks.
One example was a flaw that allowed custom microcode patches to be loaded on some older AMD processors. Inspired by this, security researcher and Rapid7 analyst Christiaan Beek developed a method to hijack the microcode update process and install ransomware directly in the CPU.
Beek told The Register that he had successfully built such ransomware as a proof of concept, though he has no plans to release it publicly. He explained, "Ransomware at the CPU level, microcode alteration, and if you are in the CPU or the firmware, you will bypass every freaking traditional technology we have out there."
This ransomware evades most existing security measures because it runs beneath the operating system and application layers, where antivirus, EDR agents and OS-level integrity checks cannot observe it. The earlier microcode exploits required physical or administrator-level access to the machine; Beek has not disclosed how his ransomware would be deployed, so the access an attacker would need to plant it remains unknown.
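The kind of baseline check a defender can run today against the microcode layer described above, added here as an example and not code from Beek, Rapid7 or The Register: it parses the per-core microcode revision that Linux exposes in /proc/cpuinfo (the value the CPU reports for its currently loaded patch) and flags any core whose loaded revision differs from a recorded known-good value or from its sibling cores. The sample /proc/cpuinfo text and the baseline revision are constructed for illustration; a real baseline would come from the CPU vendor's published revision list or from a golden image you recorded yourself.

```python
"""Drift check for loaded CPU microcode revisions (added example, not from the article).

Parses the 'vendor_id', 'cpu family', 'model', 'stepping' and 'microcode'
fields of each processor block in /proc/cpuinfo format and compares the
loaded revision against a known-good baseline keyed by CPU identity.
"""
from collections import defaultdict

# Constructed baseline for illustration:
# (vendor_id, family, model, stepping) -> expected microcode revision.
BASELINE = {
    ("AuthenticAMD", 25, 33, 0): 0x0A201016,
}

# Constructed /proc/cpuinfo excerpt: three cores, the third reporting a
# revision that does not match the baseline or the other cores.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 33
model name\t: AMD Ryzen 9 5900X 12-Core Processor
stepping\t: 0
microcode\t: 0xa201016

processor\t: 1
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 33
model name\t: AMD Ryzen 9 5900X 12-Core Processor
stepping\t: 0
microcode\t: 0xa201016

processor\t: 2
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 33
model name\t: AMD Ryzen 9 5900X 12-Core Processor
stepping\t: 0
microcode\t: 0xdeadbeef
"""


def parse_cpuinfo(text):
    """Return one dict of 'key: value' fields per blank-line-separated processor block."""
    cores, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                cores.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        cores.append(current)
    return cores


def check_microcode(text, baseline=BASELINE):
    """Return a list of finding strings; an empty list means every core matches the baseline."""
    findings = []
    seen = defaultdict(set)  # CPU identity -> set of loaded revisions across cores
    for core in parse_cpuinfo(text):
        cpu = core.get("processor", "?")
        if "microcode" not in core:
            findings.append(f"cpu{cpu}: no microcode field reported (VM or container?)")
            continue
        ident = (core["vendor_id"], int(core["cpu family"]),
                 int(core["model"]), int(core["stepping"]))
        loaded = int(core["microcode"], 16)
        seen[ident].add(loaded)
        expected = baseline.get(ident)
        if expected is None:
            findings.append(f"cpu{cpu}: no baseline recorded for {ident}")
        elif loaded != expected:
            findings.append(f"cpu{cpu}: loaded 0x{loaded:08x}, baseline 0x{expected:08x}")
    # Cores of the same CPU model should always carry the same patch level.
    for ident, revs in seen.items():
        if len(revs) > 1:
            listed = ", ".join(f"0x{r:08x}" for r in sorted(revs))
            findings.append(f"{ident}: cores disagree on microcode revision: {listed}")
    return findings


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/cpuinfo"
    try:
        with open(path) as fh:
            data = fh.read()
    except OSError:
        data = SAMPLE_CPUINFO  # fall back to the constructed sample off-Linux
    for finding in check_microcode(data) or ["all cores match baseline"]:
        print(finding)
```

Treat this as a hygiene and drift check, not proof of integrity: the revision number is whatever the loaded patch reports, so a patch that controls the CPU could in principle misreport it. It still catches the common cases, a stale or unexpected revision after a firmware change, or one core that was patched differently from the rest.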
Beek also expressed frustration that ransomware remains a widespread problem despite years of warnings and technological advances. He pointed out that poor cyber hygiene and user mistakes are significant factors in security breaches. “We should not be talking about ransomware in 2025 — and that fault falls on everyone: the vendors, the end users, cyber insurers,” he said. “While we’re still seeing a lot of technological evolution, everybody’s shouting agentic, AI, ML. And if we’re bloody honest, we still haven’t fixed our foundations.”
This development highlights the evolving challenges in cybersecurity, especially as attackers find ways to embed malware deeper into firmware and hardware. The practical takeaway is unchanged: keep firmware and microcode updated, restrict administrative access, and verify what is actually loaded on your machines rather than assuming it, while staying informed about emerging threats.
What do you think about ransomware running from CPU microcode? Have you encountered any unusual security issues lately? Share your thoughts in the comments below.