New Ransomware Strain ‘HybridPetya’ Circumvents Secure Boot, Raising Cybersecurity Concerns
ESET researchers have identified a new ransomware bootkit dubbed “HybridPetya” that is capable of bypassing a computer’s Secure Boot function, a security measure designed to prevent malicious software from loading during startup. The malware, discovered in samples uploaded to VirusTotal, shares characteristics with the destructive Petya and NotPetya ransomware that caused billions of dollars in damage in 2016 and 2017.
Unlike most malware, HybridPetya can compromise the Unified Extensible Firmware Interface (UEFI), the successor to the conventional BIOS, by exploiting the vulnerability CVE-2024-7344, which Microsoft patched earlier this year. This allows the ransomware to infect modern UEFI systems and lock hard drives by encrypting the Master File Table (MFT), which contains critical metadata for NTFS file systems.
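Microsoft's fix for CVE-2024-7344 took the form of revoking the vulnerable signed application through the UEFI forbidden-signature database (dbx), so the practical question for a defender is whether a given machine's dbx actually contains the revocation. The following Python is an added example, not ESET's or Microsoft's code: it parses the EFI_SIGNATURE_LIST layout that db and dbx use and reports whether a given SHA-256 hash is revoked. The hash values and the sample dbx blob below are constructed test data; the owner GUID is the one Microsoft commonly uses for its dbx entries, and the real hashes for the CVE-2024-7344 binaries must be taken from Microsoft's or ESET's advisory.

```python
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification: marks a list of SHA-256 hashes.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# Owner GUID commonly seen on Microsoft-issued db/dbx entries (assumption, not from the article).
MS_OWNER_GUID = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")

# EFI_SIGNATURE_LIST header: SignatureType GUID (16) + SignatureListSize (4)
# + SignatureHeaderSize (4) + SignatureSize (4) = 28 bytes, little-endian.
_SIGLIST_HDR = 28


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner, signature_data) for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures, validating the sizes so a
    truncated or corrupt variable raises instead of silently yielding garbage."""
    off = 0
    while off < len(blob):
        if len(blob) - off < _SIGLIST_HDR:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < _SIGLIST_HDR + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size < 16:  # every entry starts with a 16-byte SignatureOwner GUID
            raise ValueError("bad SignatureSize")
        body = blob[off + _SIGLIST_HDR + hdr_size: off + list_size]
        if len(body) % sig_size != 0:
            raise ValueError("signature area is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            entry = body[i:i + sig_size]
            yield sig_type, uuid.UUID(bytes_le=entry[:16]), entry[16:]
        off += list_size


def revoked_sha256_hashes(dbx: bytes) -> set:
    """Set of lowercase hex SHA-256 hashes present in a dbx variable's contents."""
    return {data.hex() for t, _owner, data in parse_signature_lists(dbx)
            if t == EFI_CERT_SHA256_GUID}


def is_revoked(dbx: bytes, sha256_hex: str) -> bool:
    """True if the given PE Authenticode hash is on the forbidden list."""
    return sha256_hex.lower() in revoked_sha256_hashes(dbx)


def build_sha256_list(owner: uuid.UUID, hashes) -> bytes:
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (used here to construct test data)."""
    sig_size = 16 + 32
    body = b"".join(owner.bytes_le + bytes.fromhex(h) for h in hashes)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", _SIGLIST_HDR + len(body), 0, sig_size)
    return header + body


# Constructed sample dbx: two placeholder hashes, NOT the real CVE-2024-7344 revocations.
PLACEHOLDER_REVOKED_HASH = "11" * 32
OTHER_REVOKED_HASH = "22" * 32
SAMPLE_DBX = build_sha256_list(MS_OWNER_GUID, [PLACEHOLDER_REVOKED_HASH, OTHER_REVOKED_HASH])

if __name__ == "__main__":
    print("entries in sample dbx:", len(revoked_sha256_hashes(SAMPLE_DBX)))
    print("placeholder hash revoked:", is_revoked(SAMPLE_DBX, PLACEHOLDER_REVOKED_HASH))
```

On a live Windows machine the bytes to feed `is_revoked` come from `(Get-SecureBootUEFI -Name dbx).Bytes`; on Linux they are the file `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f` with its leading four attribute bytes stripped. An absent revocation on a machine that reports Secure Boot enabled is the condition to flag, since Secure Boot being on says nothing about whether the dbx update that neutralises this particular bypass has been applied.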
While it currently appears to be test code or a proof of concept, with no confirmed instances of active attacks, HybridPetya represents a significant threat due to its ability to circumvent Secure Boot, a security feature that typically protects against boot-level malware. Petya and NotPetya previously gained notoriety for their bootkit capabilities, which rendered infected computers unusable by corrupting the Master Boot Record (MBR).