Cybersecurity researchers have uncovered HybridPetya, a sophisticated ransomware strain capable of bypassing UEFI Secure Boot and encrypting system files. The strain combines a bootkit and an installer component, exploits vulnerabilities such as CVE-2024-7344, and illustrates a growing trend of Secure Boot bypass techniques. #HybridPetya #UEFIBypass
Key points
- HybridPetya is a new ransomware that targets UEFI systems by installing a malicious EFI application.
- The malware encrypts the Master File Table (MFT) on NTFS partitions, locking important file metadata.
- It uses a bootkit, of which multiple versions exist, to track encryption status and drive the attack from one stage to the next.
- The strain exploits CVE-2024-7344 to bypass UEFI Secure Boot and loads a malicious "cloak.dat" file.
- HybridPetya has not been observed in active use in the wild, but its techniques are part of a broader trend of Secure Boot bypasses.
Read More: https://thehackernews.com/2025/09/new-hybridpetya-ransomware-bypasses.html