Someone told me tonight at dinner about a series of businesses in my field, in Austin, which came in one morning to ransom requests. At least one said "their hardware was so damaged they were forced to trash it" and bought a new server.
Sound plausible? What happened to full disk erasure and re-loading?
It's still theoretically possible that malware can damage hardware at the motherboard level if it executes with admin privileges, especially since the demise of the floppy drive. Most hardware manufacturers now package their BIOS updates as Windows executables that re-flash the BIOS after rebooting the system. It's theoretically possible that the protections built in to that update system could be cracked, and the procedure used to trash the BIOS.
How likely that is, I can't say. I've experienced a very high failure rate installing
legitimate BIOS updates from Windows. There are a lot of checks that have to be passed, and if even one of them fails, the update doesn't happen. I have had to run many legitimate BIOS updates from bootable media because the manufacturers' Windows-based update routines failed.
On the other hand, I do remember reading some time in late 2015 that Kasperksy had identified malware that was capable of detecting and re-writing the firmware on popular hard drive models. I haven't heard of it actually happening in the wild; but then again, I'm not as current on the latest malware as I was when I was in the repair end of the business.
Personally, I don't think it would be in the interest of ransomware writers to inflict hardware damage. They may be criminals, but they're not vandals. They're in it for the money; and ironically, the success of their criminal enterprise depends on a certain level of consumer confidence. Consumers have to believe that if they pay the ransom, their files will be restored. If word gets around that that's not true, people will stop paying, and that would be bad for business.
Rich
