New HybridPetya ransomware can bypass UEFI Secure Boot
What’s new: A new ransomware strain named HybridPetya has been discovered that can bypass UEFI Secure Boot and install its malicious components on the EFI System Partition. Inspired by the earlier Petya/NotPetya malware, it exploits CVE-2024-7344 to execute its payload. HybridPetya encrypts files and demands a ransom of $1,000 in Bitcoin, displaying a fake CHKDSK message during the attack.
Who’s affected
Windows systems that have not applied the January 2025 Patch Tuesday updates are at risk, particularly those using UEFI with GPT partitioning.
What to do
- Ensure all Windows systems are updated with the January 2025 Patch Tuesday security updates to mitigate the CVE-2024-7344 vulnerability.
- Implement offline backups of critical data to facilitate recovery in case of a ransomware attack.
- Monitor for indicators of compromise related to HybridPetya, available on ESET’s GitHub repository.
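The three steps above can be checked from an elevated PowerShell session on the affected host. The following script is an added example written for this page; it is not part of the advisory, nor ESET's or Microsoft's code. It assumes a UEFI/GPT Windows 10/11 host, administrator rights, that drive letter S: is free for mounting the EFI System Partition, and that 2025-01-14 is used as the January 2025 Patch Tuesday date. It reports whether Secure Boot is on, whether any update has been installed since that date (a heuristic, not proof of the specific fix), and lists every .efi binary on the ESP with its Authenticode signature status so that unexpected or unsigned boot binaries can be compared against the indicators published by ESET.

```powershell
# Added example (not from the advisory above, not ESET's or Microsoft's code).
# Assumptions: elevated session on a UEFI/GPT Windows host, drive letter S: unused,
# and 2025-01-14 taken as the January 2025 Patch Tuesday date.

function Get-SecureBootState {
    # Confirm-SecureBootUEFI throws on legacy BIOS or firmware without Secure Boot support,
    # so treat any error as "not enabled".
    try { return [bool](Confirm-SecureBootUEFI) } catch { return $false }
}

function Test-PatchTuesdayApplied {
    param([datetime]$Cutoff = (Get-Date '2025-01-14'))
    # Heuristic only: true if any OS update was installed on or after the cutoff date.
    # For real verification, match the exact KB number from Microsoft's advisory for CVE-2024-7344.
    $hits = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Cutoff }
    return (@($hits).Count -gt 0)
}

function Get-EspBootBinaries {
    param([string]$Letter = 'S')
    # Mount the EFI System Partition with the built-in mountvol tool, enumerate every
    # .efi file with its signature, then always unmount again.
    mountvol "${Letter}:" /S | Out-Null
    try {
        # Paths normally present on a stock Windows ESP; anything else is flagged for review.
        $expected = @(
            'EFI\Microsoft\Boot\bootmgfw.efi',
            'EFI\Microsoft\Boot\bootmgr.efi',
            'EFI\Microsoft\Boot\memtest.efi',
            'EFI\Boot\bootx64.efi'
        )
        Get-ChildItem -Path "${Letter}:\" -Recurse -Filter *.efi -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $rel = $_.FullName.Substring(3)          # strip the "S:\" prefix
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Path      = $rel
                    Expected  = ($expected -contains $rel)
                    SigStatus = $sig.Status
                    Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
                    Modified  = $_.LastWriteTime
                }
            }
    }
    finally {
        mountvol "${Letter}:" /D | Out-Null
    }
}

# --- run the checks ---
Write-Output ("Secure Boot enabled          : {0}" -f (Get-SecureBootState))
Write-Output ("Update installed since 2025-01-14 : {0}" -f (Test-PatchTuesdayApplied))

$bins = Get-EspBootBinaries
$bins | Format-Table Path, Expected, SigStatus, Signer, Modified -AutoSize

# Unexpected paths or non-valid signatures are the entries to compare against ESET's HybridPetya IoCs.
$review = @($bins | Where-Object { -not $_.Expected -or $_.SigStatus -ne 'Valid' })
if ($review.Count -gt 0) {
    Write-Warning ("{0} ESP boot binaries need review; compare their hashes with the published indicators." -f $review.Count)
}
```

Run it before and after applying the January 2025 updates and keep the ESP listing with your offline backups: a later diff of the .efi inventory is a cheap way to spot a newly dropped bootloader. OEM recovery or firmware-update binaries (for example under an EFI\<vendor> folder) will also appear as "unexpected"; they are a reason to look, not a verdict.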