Stronzium, the malware that can’t be eliminated, is back

Researchers from the cyber security company ESET have discovered the return of the UEFI rootkit Stronzium, a malware that survives reinstalling the operating system and even replacing the hard disk

Whoever doesn't die meets again, you might say. Researchers at ESET, one of the world's leading IT security companies, have in fact discovered the return of one of the most difficult rootkits to fight and to remove from our computers. We are talking about Stronzium, a spy malware named after the hacker group that created it.

The peculiarity of this malicious program is that it makes it practically useless to format the PC and install the operating system from scratch: whatever we do to the disk, the rootkit stays in place. But let's proceed in order. Usually, when a virus infects our computer and gets past our antivirus, we back up the most important data, wipe the disk and reinstall the system to get rid of the malware. Stronzium, however, is not a rootkit like any other: it does not install itself on the hard drive but directly on the motherboard, inside the UEFI, the firmware that initializes the hardware and starts the operating system. That firmware lives in a flash chip on the motherboard, so the only way to remove the rootkit is to reflash the firmware with a clean image from the manufacturer or to replace the motherboard.

Stronzium, the rootkit that formatting the PC does not remove

According to the analysis of ESET researchers, the Stronzium rootkit was developed and deployed for cyber-espionage by the hacker group ESET tracks as Sednit (the same group is known elsewhere as APT28, Fancy Bear or Strontium, hence the name). This group is behind some of the most famous cybersecurity scandals of recent years, such as the 2016 attack on the Democratic National Committee, the hacking of the TV5Monde television network and the publication of confidential emails stolen from the World Anti-Doping Agency. Stronzium runs below the operating system, where conventional antivirus software does not look, and because it lives in the firmware rather than on disk, formatting or even replacing the disk leaves it in place. It is a complex tool that only experienced attackers can put to use, and that is why its targets are usually not individuals or small companies but governmental bodies, large multinationals and international organizations.

How to defend yourself against Stronzium malware

To protect yourself against this malware there are two main defenses. First, update the UEFI firmware of your computer to the latest version available from the manufacturer: the rootkit can only write itself into the flash chip when the firmware's write protections are missing or misconfigured, and firmware updates fix exactly that. Second, enable Secure Boot.

This is a security mechanism of the UEFI firmware that checks, at every boot, that each component it loads (firmware drivers, the boot loader, the operating system loader) is signed with a key the machine trusts. A malicious firmware module that is unsigned, or signed with an unknown key, is refused and never runs. Secure Boot does not by itself stop writes to the firmware chip, which is why the firmware update is the first step; but the two together mean the rootkit can neither install itself nor, if it is already there, get loaded.
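The check a practitioner actually wants after following the two steps is whether Secure Boot is really enforced, not just ticked in the setup menu. The script below is an added example written for this article, not ESET's code: on Linux it reads the SecureBoot and SetupMode UEFI variables through efivarfs (each file there starts with a 4-byte attribute word followed by the variable data) and also reports the firmware version string from DMI so it can be compared against the manufacturer's latest release. The sample variable contents at the bottom are constructed, not captured from a real machine.

```python
"""Verify that UEFI Secure Boot is enforced on a Linux host (added example, not ESET code).

Secure Boot is only enforcing when the SecureBoot variable is 1 AND SetupMode is 0:
SetupMode == 1 means the key database is open and nothing is verified.
"""
import os
import struct
from typing import Optional

# GUID of the EFI global variables (SecureBoot, SetupMode, PK, KEK, ...).
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"
DMI_DIR = "/sys/class/dmi/id"


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attributes, data): 4-byte LE attribute word, then data."""
    if len(raw) < 4:
        raise ValueError("efivar file too short to contain the attribute word")
    (attributes,) = struct.unpack("<I", raw[:4])
    return attributes, raw[4:]


def read_efivar(name: str, guid: str = EFI_GLOBAL_VARIABLE_GUID) -> Optional[bytes]:
    """Raw contents of a UEFI variable, or None when it cannot be read
    (legacy BIOS boot, efivarfs not mounted, container without /sys access)."""
    path = os.path.join(EFIVARS_DIR, f"{name}-{guid}")
    try:
        with open(path, "rb") as f:
            return f.read()
    except OSError:
        return None


def secure_boot_state(secureboot_raw: Optional[bytes], setupmode_raw: Optional[bytes]) -> str:
    """Classify enforcement: 'enabled', 'setup-mode', 'disabled' or 'unavailable'."""
    if secureboot_raw is None:
        return "unavailable"  # no variable access: we cannot claim it is enforced
    _, sb = parse_efivar(secureboot_raw)
    if setupmode_raw is not None:
        _, sm = parse_efivar(setupmode_raw)
        if sm and sm[0] == 1:
            return "setup-mode"  # keys not enrolled: nothing is being verified
    if sb and sb[0] == 1:
        return "enabled"
    return "disabled"


def firmware_version() -> dict:
    """Vendor, version and date of the running firmware from DMI, for comparison
    with the manufacturer's latest release. Missing fields are reported as None."""
    info = {}
    for field in ("bios_vendor", "bios_version", "bios_date"):
        try:
            with open(os.path.join(DMI_DIR, field), "r") as f:
                info[field] = f.read().strip()
        except OSError:
            info[field] = None
    return info


def check_host() -> dict:
    """Run both checks against the machine this script is executed on."""
    return {
        "secure_boot": secure_boot_state(read_efivar("SecureBoot"), read_efivar("SetupMode")),
        "firmware": firmware_version(),
    }


# Constructed sample variable contents (not from a real machine). The attribute
# word 0x06 = BOOTSERVICE_ACCESS (0x02) | RUNTIME_ACCESS (0x04); one data byte follows.
SAMPLE_ENFORCED = (b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00")  # SecureBoot=1, SetupMode=0
SAMPLE_DISABLED = (b"\x06\x00\x00\x00\x00", b"\x06\x00\x00\x00\x00")  # SecureBoot=0, SetupMode=0
SAMPLE_SETUP = (b"\x06\x00\x00\x00\x00", b"\x06\x00\x00\x00\x01")     # SecureBoot=0, SetupMode=1

if __name__ == "__main__":
    for label, (sb, sm) in (("enforced", SAMPLE_ENFORCED),
                            ("disabled", SAMPLE_DISABLED),
                            ("setup", SAMPLE_SETUP)):
        print(f"sample {label:9s}: {secure_boot_state(sb, sm)}")
    print("this host:", check_host())
```

A result of "unavailable" is not a pass: it usually means the machine booted in legacy BIOS mode, where Secure Boot does not apply at all and the firmware-level protections are the only line of defense. Checking that those protections (the write-protect bits of the firmware flash) are actually set requires a lower-level tool such as chipsec's common.bios_wp module, which is what the firmware update is meant to fix.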