https://www.heise.de/security/meldung/BIOS-UEFI-mit-Ransomware-infiziert-3630662.html
From Google Translate:
[…]”This year’s edition of the “Hacking Exposed”, presented for years at the RSA Conference, filled Cylance boss Stuart McClure and his co-workers with two hacks of a more unusual kind: In one of the live demos, they infected the Unified Extensible Firmware Interface (UEFI) A current Gigabyte motherboard (Intel Skylake) with an encryption trojan. According to McClure are also mainboards of other manufacturers attackable, one only have to adjust the payload to the UEFI variant.”[…]
No pointer to sources AFAICT, please leave a Comment on the blog if you have an URL.
Firmware Security 