If you believed that formatting your hard drive could solve ALL your problems, well, think again! Because there’s a ransomware so deeply embedded in your machine that you would literally have to toss your processor in the trash to get rid of it.

If you’re the proud owner of an AMD processor, this is something you definitely need to pay attention to. A few weeks ago, Google revealed a critical flaw in all AMD Zen processors (that’s right, all Ryzen and Epyc since 2017) that allows for unauthorized microcode injection directly into the CPU. To put it simply, they managed to alter the fundamental behavior of the processor, forcing it to generate the number “4” whenever it is asked for a random number. Anyone familiar with the XKCD reference knows that when asked for a random number between 1 and 10, “4” is statistically the most likely choice. Go figure…

But the story doesn’t end there. Christiaan Beek, a security expert at Rapid7, decided to take this concept a step further. At the RSA 2025 conference, he announced that he developed a prototype ransomware that directly targets the CPU’s microcode. This malware doesn’t infect your files or operating system but attacks the very heart of your machine.

Rest assured, Rapid7 won’t be releasing the code for this proof of concept. However, what was once theoretically possible is now technically achievable.

So, why is this so scary? Because this type of attack represents an unprecedented level of persistence. Unlike traditional malware, which can be eliminated by formatting your hard drive, ransomware targeting the CPU would survive nearly everything except the physical replacement of the processor.


Even more alarming, this kind of attack circumvents all traditional security measures. Altering the microcode means an attacker inside the CPU or firmware can bypass all conventional security technologies. Even advanced technologies such as AMD’s Secure Encrypted Virtualization (SEV), designed to protect virtual machines from compromised hosts, would be ineffective against this threat.

While exploiting this vulnerability currently requires administrative privileges (which you might grant without a second thought when a pop-up appears), experts are concerned about how this kind of attack will evolve. There are indications that criminal groups are already shifting towards this type of attack: UEFI bootkits have been sold on cybercriminal forums since 2018, and the 2022 leaks from the Conti group even revealed that their developers were working on ransomware at the firmware level.

Fortunately, AMD developed a patch following Google’s disclosure, and this fix is currently being rolled out as a BIOS update by motherboard manufacturers. So, if you’re using a server running on an Epyc processor, patches are already available… For Ryzen owners, updates are in progress (Asus accidentally leaked a beta patch back in January).

Thus, it’s no longer a matter of “if” but “when” this will occur in real life. In the meantime, your best defense is to keep your systems updated, and in particular to apply every BIOS update if you own an AMD Zen processor!
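As an added example (not from the article, Google or Rapid7), here is a small Python check a defender can run against /proc/cpuinfo on a Linux host to see whether the machine is an AMD Zen part, which microcode revision each core reports, and whether every core meets a minimum revision you take from AMD's advisory. The family numbers come from AMD's public documentation; the revision values in the sample and the minimum passed in are constructed placeholders.

```python
# AMD reports the Zen microarchitectures under these CPU family numbers
# (decimal, as /proc/cpuinfo prints them): 23 = Zen/Zen+/Zen 2,
# 25 = Zen 3/Zen 4, 26 = Zen 5.
ZEN_FAMILIES = {23: "Zen/Zen+/Zen 2", 25: "Zen 3/Zen 4", 26: "Zen 5"}


def parse_cpuinfo(text):
    """Split /proc/cpuinfo-style text into one {field: value} dict per CPU."""
    cpus, current = [], {}
    for line in text.splitlines():
        if not line.strip():          # a blank line separates CPU records
            if current:
                cpus.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        cpus.append(current)
    return cpus


def check_zen_microcode(text, min_revision):
    """Report whether `text` describes an AMD Zen part and whether every core runs
    a microcode revision >= min_revision (the fixed revision from AMD's advisory;
    the caller supplies it, this script ships no table of fixed revisions)."""
    cpus = parse_cpuinfo(text)
    if not cpus:
        raise ValueError("no CPU records found")
    family = int(cpus[0].get("cpu family", "0"))
    is_zen = cpus[0].get("vendor_id") == "AuthenticAMD" and family in ZEN_FAMILIES
    revisions = {int(cpu.get("microcode", "0x0"), 16) for cpu in cpus}
    return {
        "zen_generation": ZEN_FAMILIES[family] if is_zen else None,
        "revisions": sorted(hex(r) for r in revisions),
        # Differing revisions across cores mean an update was only partly applied.
        "consistent": len(revisions) == 1,
        "needs_update": is_zen and any(r < min_revision for r in revisions),
    }


# Constructed sample: two cores of a family-23 (Zen 2) part where only one core
# has picked up the newer microcode. Revision values are placeholders.
SAMPLE_CPUINFO = """\
vendor_id\t: AuthenticAMD
cpu family\t: 23
microcode\t: 0x8701021

vendor_id\t: AuthenticAMD
cpu family\t: 23
microcode\t: 0x8701030
"""
```

On a live host, pass `open("/proc/cpuinfo").read()` as `text` and the fixed revision from AMD's advisory as `min_revision`; a BIOS update that shipped the fixed microcode shows up as a higher, consistent revision on every core.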

