New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit
What’s new: A new ransomware strain named HybridPetya has been discovered that can bypass UEFI Secure Boot by exploiting CVE-2024-7344. It installs a malicious EFI application (a bootkit) on the EFI System Partition, so its code runs at boot, before the operating system and before any in-OS security tooling. The bootkit encrypts the Master File Table (MFT) of NTFS-formatted partitions, which makes every file on the volume unreachable without encrypting the files one by one, and displays a fake CHKDSK screen while it works to mislead the victim. HybridPetya then demands a ransom of $1,000 in Bitcoin.
Who’s affected
Organizations running UEFI-based Windows systems are at risk (the payload targets NTFS volumes), particularly on hosts where the vulnerable Howyar Reloader UEFI application has not been revoked. CVE-2024-7344 is not a remote code execution flaw: it is a Secure Boot bypass in a Microsoft-signed third-party UEFI application that loads a companion file with its own PE loader, skipping Secure Boot validation, so an attacker who already has administrative access to write to the EFI System Partition can get unsigned code executed during boot even with Secure Boot enabled. The fix is a Secure Boot dbx (revocation list) update that blocks the vulnerable signed binary; Microsoft distributed it with the January 2025 security updates. The ransomware has not yet been reported in active attacks, but it is a significant threat because the encryption happens before the operating system loads, where endpoint security tools cannot see or stop it.
What to do
- Confirm that the CVE-2024-7344 revocation is in place on every host. The remediation is a Secure Boot dbx update that blocks the vulnerable signed binary, not a patch to the application, so verify the dbx contents on each machine rather than assuming an up-to-date OS build is enough, and keep Secure Boot enabled.
- Treat the EFI System Partition as a monitored asset: baseline the EFI binaries present on each host and alert on new, modified or missing ones, since the bootkit has to be written there before it can run.
- Restrict local administrator rights. Writing to the EFI System Partition requires privileged access, so the ransomware needs a foothold with admin rights before it can install the bootkit.
- Maintain offline, tested backups. MFT encryption makes the whole volume unusable, so recovery depends on restoring from a copy the malware could not reach.
- Monitor for unusual system behavior (unexpected reboots, CHKDSK-style screens at boot) and educate users about phishing and ransomware threats.
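One way to implement the EFI System Partition baseline check, as an added example that is not from the original brief or from the HybridPetya research it summarises: a Python script that hashes every EFI binary on a mounted or extracted ESP, compares the result with a known-good baseline, and additionally flags any file named `cloak.dat`, the companion file that the vulnerable Howyar Reloader loads without Secure Boot validation (CVE-2024-7344). The ESP layout, file contents and baseline built in `run_demo()` are constructed for the demonstration, and the finding labels and helper functions are assumptions of this example, not an established tool.

```python
"""Baseline check for a mounted or extracted EFI System Partition (ESP).

Added example, not part of the original brief. Assumptions: the ESP is
reachable as an ordinary directory tree at the path passed to scan_esp(),
and the caller supplies a baseline of SHA-256 hashes for the EFI binaries
that are expected on that host.
"""
import hashlib
import os
import shutil
import tempfile

# Companion file that the vulnerable Howyar Reloader (CVE-2024-7344) loads
# from its own directory without Secure Boot validation. It has no
# legitimate reason to exist on an ESP, so its presence alone is a finding.
SUSPICIOUS_NAMES = {"cloak.dat"}


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large images are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_esp(root, baseline):
    """Compare the ESP at `root` against `baseline`.

    `baseline` maps ESP-relative paths (forward slashes) of expected EFI
    binaries to their SHA-256 hex digests. Returns a sorted list of
    (finding, relpath) tuples; finding labels are this example's own.
    """
    findings = []
    seen = set()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if name.lower() in SUSPICIOUS_NAMES:
                findings.append(("suspicious-companion-file", rel))
                continue
            if not name.lower().endswith(".efi"):
                continue
            seen.add(rel)
            expected = baseline.get(rel)
            if expected is None:
                # An EFI application nobody put in the baseline: exactly how
                # a dropped bootkit or a re-introduced vulnerable loader looks.
                findings.append(("unknown-efi-binary", rel))
            elif sha256_file(full) != expected:
                findings.append(("modified-efi-binary", rel))
    for rel in baseline:
        if rel not in seen:
            findings.append(("missing-efi-binary", rel))
    return sorted(findings)


def _write(root, rel, data):
    """Create `rel` under `root`, making parent directories as needed."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)
    return full


def run_demo():
    """Build a constructed ESP layout in a temp dir, scan it, return findings."""
    root = tempfile.mkdtemp(prefix="esp-")
    try:
        # Constructed stand-ins for real PE images ("MZ" header only).
        good_bootmgr = b"MZ" + b"\x00" * 62 + b"PE\x00\x00"
        good_shim = b"MZ" + b"\x01" * 62 + b"PE\x00\x00"
        _write(root, "EFI/Microsoft/Boot/bootmgfw.efi", good_bootmgr)
        baseline = {
            "EFI/Microsoft/Boot/bootmgfw.efi": hashlib.sha256(good_bootmgr).hexdigest(),
            "EFI/Boot/bootx64.efi": hashlib.sha256(good_shim).hexdigest(),
            "EFI/ubuntu/shimx64.efi": hashlib.sha256(good_shim).hexdigest(),
        }
        # Drift from the baseline: a tampered fallback loader, an extra EFI
        # application, a loader companion file, and a loader that is missing.
        _write(root, "EFI/Boot/bootx64.efi", good_shim + b"\xcc")
        _write(root, "EFI/Microsoft/Boot/unexpected.efi", b"MZ" + b"\xff" * 32)
        _write(root, "EFI/Microsoft/Boot/cloak.dat", b"\xde\xad\xbe\xef")
        return scan_esp(root, baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for finding, path in run_demo():
        print(f"{finding:26} {path}")
```

On a live Windows host the ESP can be exposed as a drive letter with `mountvol S: /S` from an elevated prompt and the script pointed at `S:\`; on Linux it is usually already mounted at `/boot/efi`. The baseline should be captured from a known-clean build and stored off the host, since an attacker with the admin rights needed to write the ESP could also rewrite a baseline kept beside it.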