New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit

Cybersecurity researchers have identified HybridPetya, a new ransomware strain that bypasses UEFI Secure Boot on modern systems by exploiting an already patched vulnerability (CVE-2024-7344) in a signed UEFI application, then encrypts the NTFS Master File Table. The malware demands $1,000 in Bitcoin for decryption, and its wallet has seen a small amount of activity. Unlike its NotPetya predecessor, which destroyed the key material and left victims with no way back, HybridPetya keeps the information needed to reconstruct the decryption key, making it functional ransomware rather than a wiper. While not yet observed in the wild, its emergence underscores how common and attractive Secure Boot bypasses have become for attackers, an evolving risk to system integrity on any machine where the vendor's revocation has not yet been applied.

Analysis

A new ransomware strain, HybridPetya, has been identified, marking a significant step in boot-level threats. The malware bypasses UEFI Secure Boot on modern systems by exploiting CVE-2024-7344, a flaw in a Microsoft-signed third-party UEFI application that allowed unsigned code to be loaded during boot; Microsoft revoked the affected binary in its January 2025 security update, so fully updated systems are not exposed. HybridPetya encrypts the NTFS Master File Table (MFT) and demands a $1,000 Bitcoin ransom, distinguishing itself from the destructive NotPetya by preserving the key material needed for a working decryption process. The designated Bitcoin wallet has seen minimal activity ($183.32 in total) and is currently empty, but the design indicates a financial motive rather than pure disruption. Researchers at ESET have not observed HybridPetya in the wild and suggest it may currently be a proof of concept. Even so, it is the fourth publicly known UEFI bootkit with a Secure Boot bypass, a trend in which attackers increasingly target the firmware layer beneath the operating system. The practical risk is concentrated on machines that have not applied the revocation: Secure Boot blocks only what the firmware's forbidden-signature database (dbx) tells it to block, so the patch takes effect only where that database has actually been updated.
