HybridPetya: New Ransomware Strain Compromises UEFI Secure Boot Systems
New Ransomware Strain HybridPetya Threatens UEFI Security Systems

A sophisticated new ransomware variant threatening enterprise systems, called HybridPetya, has emerged. It combines features of the notorious Petya/NotPetya malware with the capability to bypass UEFI Secure Boot protections, according to researchers at ESET. The malware, discovered in February 2025, represents a significant evolution in the threat landscape: it targets fundamental system security components and demands ransoms of $1,000 in Bitcoin from victims.

Advanced Technical Capabilities

HybridPetya operates through two main components: a bootkit and an installer. The bootkit encrypts the Master File Table (MFT), which holds critical file metadata, while masquerading as a disk repair operation. To bypass Secure Boot, the malware exploits CVE-2024-7344, a vulnerability in the Howyar Reloader UEFI application. This capability makes HybridPetya particularly dangerous, as it can compromise modern UEFI-based systems by installing malicious EFI applications.

"This shows that Secure Boot bypasses are not just possible – they're becoming more common and attractive to both researchers and attackers," noted ESET researchers in their report.

Impact and Distribution

While no active attacks have been confirmed, the malware's Bitcoin wallet received approximately $183.32 between February and May 2025. Unlike its predecessor NotPetya, HybridPetya allows system recovery through decryption keys, suggesting it is designed for financial gain rather than destruction. Organizations facing this threat should be prepared to implement proper ransomware incident response procedures to minimize potential damage.

The emergence of HybridPetya marks the fourth known instance of UEFI bootkit malware capable of bypassing Secure Boot, joining:

- BlackLotus
- BootKitty
- Hyper-V Backdoor PoC

Protective Measures

- Ensure all UEFI firmware is updated to the latest version, and in particular apply the January 2025 Microsoft Patch Tuesday update
- Implement robust backup systems that include firmware-level protection
- Monitor system boot processes for unexpected behavior or false disk repair messages

For additional technical details about UEFI security, readers can reference the UEFI Forum's Security Guidelines.

The discovery of HybridPetya underscores the growing sophistication of ransomware threats and highlights the importance of maintaining strong security practices at both the operating system and firmware levels.
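Because the bootkit is delivered as an EFI application written to the EFI System Partition (ESP), one practical monitoring control is a hash baseline of every EFI binary on the ESP, re-checked on a schedule so that a newly dropped or replaced loader is flagged. The script below is an added example, not code from the ESET report or from any vendor tool; it assumes the ESP is mounted at a path you pass in (for instance /boot/efi on Linux, or a drive letter assigned with mountvol on Windows), and the file names in the demo scenario are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_efi_files(esp_root):
    """Map every *.efi under esp_root (relative POSIX path) to its SHA-256 digest."""
    root = Path(esp_root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*.efi"))
        if p.is_file()
    }


def diff_against_baseline(current, baseline):
    """Classify each EFI binary as added, modified or removed versus the baseline."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo_scenario():
    """Constructed ESP layout in a temp dir: record a baseline, then simulate an
    installer dropping a new EFI application and replacing the Windows boot
    manager. File contents and names are illustrative, not real malware artefacts."""
    with tempfile.TemporaryDirectory() as tmp:
        esp = Path(tmp)
        bootmgr = esp / "EFI" / "Microsoft" / "Boot" / "bootmgfw.efi"
        bootmgr.parent.mkdir(parents=True)
        bootmgr.write_bytes(b"MZ original boot manager (constructed)")
        baseline = hash_efi_files(esp)          # taken on a known-good system

        # Simulated installer activity (constructed): one new loader, one overwrite
        (esp / "EFI" / "Boot").mkdir()
        (esp / "EFI" / "Boot" / "unexpected_loader.efi").write_bytes(b"MZ dropped loader")
        bootmgr.write_bytes(b"MZ replaced boot manager")
        return diff_against_baseline(hash_efi_files(esp), baseline)


if __name__ == "__main__":
    for kind, paths in demo_scenario().items():
        print(f"{kind}: {paths}")
```

A hash baseline catches presence and change regardless of whether the dropped binary carries a valid signature, which matters here because the bypass relies on a signed but vulnerable loader; review any "added" or "modified" entry against your own change records before trusting the boot chain.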