A new ransomware variant called HybridPetya can bypass UEFI Secure Boot by exploiting CVE-2024-7344 to infect the EFI System Partition (ESP). CVE-2024-7344 is a flaw in a Microsoft-signed third-party UEFI application that loads an unsigned executable from a file on the ESP, so the firmware verifies only the legitimate loader and never the payload it runs. HybridPetya has not yet been observed in real-world attacks, but it highlights the growing threat of UEFI bootkits that run beneath the operating system while Secure Boot still reports as enabled. #HybridPetya #CVE-2024-7344
Key points
- HybridPetya is ransomware that targets UEFI systems and installs itself as a bootkit; on systems where the CVE-2024-7344 binaries have not been revoked, it does so with Secure Boot enabled.
- It combines Petya and NotPetya traits, including the MFT-encrypting bootkit and the infection flow, but unlike NotPetya its encryption is recoverable with the attacker's key, so it behaves as ransomware rather than a wiper.
- The installer drops its files into the EFI System Partition and replaces the Windows bootloader with its own; writing to the ESP requires administrator privileges on the already-compromised host, so the bootkit is a persistence and evasion step rather than the initial compromise.
- The bootkit encrypts the NTFS Master File Table with Salsa20 while a fake CHKDSK-style disk-repair message hides the encryption in progress.
- Microsoft's January 2025 update added the vulnerable CVE-2024-7344 binaries to the Secure Boot revocation list (DBX); a system with that revocation applied refuses to load them, so the bypass fails there. Confirm that the DBX update actually reached the firmware and that Secure Boot is enabled: without Secure Boot the bypass is unnecessary and the bootkit installs directly.
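To check the mitigation and look for the ESP tampering described above, here is an added PowerShell triage script; it is not from the original post or from the researchers who analyzed HybridPetya. It assumes an Administrator session on a UEFI Windows host, that drive letter S: is free to mount the ESP, and that any hash you compare DBX entries against comes from a published indicator list (the script embeds none). Note that DBX stores Authenticode (PE image) hashes, not flat-file hashes, so compare against the Authenticode hash of the revoked loader, not the output of Get-FileHash.

```powershell
# Added triage example (not from the original post). Assumptions: run as
# Administrator on a UEFI Windows host; S: is free for the ESP; any hash passed
# to Test-DbxContainsHash is an Authenticode SHA-256 from a published IoC list.

function Get-DbxSha256Entries {
    # Parse the DBX variable into its SHA-256 entries. The blob is a sequence of
    # EFI_SIGNATURE_LIST structures: 16-byte SignatureType GUID, then three
    # UInt32 fields (SignatureListSize, SignatureHeaderSize, SignatureSize),
    # an optional header, and SignatureSize-byte entries of owner GUID + digest.
    $dbx        = (Get-SecureBootUEFI -Name dbx).Bytes
    $sha256Type = [guid]'c1c41626-504c-4092-aca9-41f936934328'   # EFI_CERT_SHA256_GUID
    $hashes     = New-Object System.Collections.Generic.List[string]
    $offset     = 0
    while ($offset + 28 -le $dbx.Length) {
        $type     = [guid]::new([byte[]]$dbx[$offset..($offset + 15)])
        $listSize = [BitConverter]::ToUInt32($dbx, $offset + 16)
        $hdrSize  = [BitConverter]::ToUInt32($dbx, $offset + 20)
        $sigSize  = [BitConverter]::ToUInt32($dbx, $offset + 24)
        if ($listSize -lt 28 -or $sigSize -eq 0) { break }       # malformed list: stop
        if ($type -eq $sha256Type) {
            $entry = $offset + 28 + $hdrSize
            $end   = $offset + $listSize
            while ($entry + $sigSize -le $end) {
                # skip the 16-byte SignatureOwner GUID, keep the 32-byte digest
                $digest = [byte[]]$dbx[($entry + 16)..($entry + 47)]
                $hashes.Add([BitConverter]::ToString($digest).Replace('-', '').ToLower())
                $entry += $sigSize
            }
        }
        $offset += $listSize
    }
    return $hashes
}

function Test-DbxContainsHash([string]$AuthenticodeSha256) {
    # True if the given Authenticode SHA-256 (hex) is revoked in this firmware's DBX.
    return (Get-DbxSha256Entries) -contains $AuthenticodeSha256.ToLower()
}

function Get-EspInventory {
    # Mount the EFI System Partition on S:, inventory every file under \EFI with
    # size, file hash and Authenticode status, then dismount.
    mountvol S: /S
    try {
        Get-ChildItem -Path 'S:\EFI' -Recurse -File | ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path   = $_.FullName
                Bytes  = $_.Length
                SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                # Status reflects the Windows certificate-store view only: a loader
                # can be 'Valid' here and still be revoked in DBX (the CVE-2024-7344 case).
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    } finally {
        mountvol S: /D
    }
}

# --- usage ---
try { $sbOn = Confirm-SecureBootUEFI } catch { $sbOn = $false }   # throws on legacy BIOS
"Secure Boot enabled: $sbOn"
"DBX SHA-256 entries: $((Get-DbxSha256Entries).Count)"
# Test-DbxContainsHash '<authenticode-sha256-from-ioc-list>'   # placeholder, no real hash embedded

$esp = Get-EspInventory
$esp | Sort-Object Path | Format-Table Path, Bytes, Status, Signer -AutoSize
# Non-PE files (Status NotSigned) sitting next to a validly signed loader deserve a
# look: the CVE-2024-7344 pattern is a signed loader reading an unsigned payload file.
$esp | Where-Object { $_.Status -ne 'Valid' }
```

If the DBX entry count is small or unchanged after patching, the revocation has not reached the firmware (some OEM images block DBX writes, and Secure Boot must be enabled for the variable to apply); in that case the January 2025 update does nothing against this bypass. Any unsigned payload file or unexpected loader in the ESP inventory is worth preserving for forensics before reinstalling the bootloader.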