New HybridPetya ransomware can bypass UEFI Secure Boot

What’s new: A new ransomware strain named HybridPetya has been discovered, capable of bypassing UEFI Secure Boot to install malicious software on the EFI System Partition. This ransomware is inspired by the earlier Petya/NotPetya malware and utilizes the CVE-2024-7344 vulnerability to execute its payload. HybridPetya encrypts Master File Table (MFT) clusters and demands a ransom of $1,000 in Bitcoin for decryption.

Who’s affected

Organizations using Windows systems with UEFI firmware that have not applied the January 2025 Patch Tuesday updates are at risk of HybridPetya attacks.

What to do

  • Ensure all Windows systems are updated with the January 2025 Patch Tuesday security updates to mitigate the CVE-2024-7344 vulnerability.
  • Implement regular offline backups of critical data to facilitate recovery in case of ransomware attacks.
  • Monitor for indicators of compromise related to HybridPetya, available on ESET’s GitHub repository.
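As an added example (not code from the article, from ESET or from the malware analysis), the following script supports the third step above: it inventories every EFI binary on a mounted EFI System Partition and flags any whose SHA-256 appears in an indicator list. It assumes the ESP is already mounted (for instance /boot/efi on Linux, or a drive letter assigned with mountvol on Windows) and that the real hashes come from the published indicator list; the hash in the script is a constructed placeholder.

```python
# Added example: audit a mounted EFI System Partition for EFI binaries whose
# SHA-256 matches a known-bad indicator. Not part of the original article.
import hashlib
import sys
from pathlib import Path

# Constructed placeholder; replace with the indicator hashes published for
# HybridPetya. A 64-character string of zeros will never match a real file.
PLACEHOLDER_IOC_SHA256 = {"0" * 64}


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_esp(esp_root, ioc_hashes=PLACEHOLDER_IOC_SHA256):
    """Walk the ESP and return (inventory, hits).

    inventory: {file path: sha256} for every *.efi file found (any case).
    hits: [(file path, sha256)] for files whose hash is in ioc_hashes.
    """
    inventory = {}
    hits = []
    for path in Path(esp_root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".efi":
            digest = sha256_of(path)
            inventory[str(path)] = digest
            if digest in ioc_hashes:
                hits.append((str(path), digest))
    return inventory, hits


if __name__ == "__main__":
    # Assumed default mount point; pass the real one as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/boot/efi"
    inventory, hits = audit_esp(root)
    for file_path, digest in sorted(inventory.items()):
        marker = "KNOWN-BAD" if digest in PLACEHOLDER_IOC_SHA256 else "ok"
        print(f"{digest}  {marker:9}  {file_path}")
    print(f"{len(inventory)} EFI binaries scanned, {len(hits)} matched indicators")
```

Keeping the full inventory (not only the hits) gives a baseline to diff against on the next run, so a newly dropped bootloader stands out even before its hash is published.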

Sources