New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit

What’s new

A new ransomware strain named HybridPetya has been discovered, which can bypass UEFI Secure Boot using the CVE-2024-7344 exploit. This ransomware encrypts the Master File Table (MFT) on NTFS partitions and installs a malicious EFI application on the EFI System Partition. It has been reported to demand a ransom of $1,000 in Bitcoin from victims.

Who’s affected

Organizations using UEFI-based systems are at risk, particularly those that have not patched the CVE-2024-7344 vulnerability, which has a CVSS score of 6.7. The ransomware has not yet been observed in the wild, but its capabilities pose a significant threat to system integrity.

What to do

  • Ensure that all systems are updated with the latest security patches, particularly those addressing CVE-2024-7344.
  • Implement robust backup solutions to protect against data loss from ransomware attacks.
  • Monitor for unusual activity on systems, especially related to UEFI and boot processes.
  • Educate users about the risks of ransomware and safe computing practices.
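
One way to act on the boot-process monitoring item above, given that the ransomware installs an EFI application on the EFI System Partition: baseline the partition's files and report anything added, removed or changed. This is an added example, not code from the original article; the names `snapshot`, `diff` and `BOOT_EXTS` are hypothetical, and it assumes the ESP is already mounted at a path you pass in.

```python
"""Baseline and diff the files on an EFI System Partition (ESP)."""
import hashlib
import json
import sys
from pathlib import Path

# Extensions reported as boot-critical (assumption made for this example).
BOOT_EXTS = {".efi"}


def snapshot(esp_root):
    """Return {relative_path: sha256_hex} for every file under esp_root."""
    root = Path(esp_root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            # The ESP is FAT (case-insensitive), so normalise names first.
            rel = path.relative_to(root).as_posix().lower()
            result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


def diff(baseline, current):
    """Compare two snapshots; return sorted lists of differing paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p] != current[p])
    # New or modified EFI binaries deserve the first look.
    boot = sorted(p for p in added + changed if Path(p).suffix in BOOT_EXTS)
    return {"added": added, "removed": removed, "changed": changed,
            "boot_critical": boot}


def main(argv):
    # Usage: esp_check.py <esp_mount_point> <baseline.json>
    esp_root, baseline_file = argv[1], Path(argv[2])
    current = snapshot(esp_root)
    if not baseline_file.exists():
        baseline_file.write_text(json.dumps(current, indent=2))
        print(f"baseline written: {len(current)} files")
        return 0
    report = diff(json.loads(baseline_file.read_text()), current)
    print(json.dumps(report, indent=2))
    # Non-zero exit lets a scheduler or monitoring wrapper raise an alert.
    return 1 if any(report[k] for k in ("added", "removed", "changed")) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Legitimate OS and firmware updates also replace boot loaders, so refresh the baseline after each approved update and store it off the machine being checked.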
