ESET Research has identified HybridPetya, a sophisticated new ransomware variant discovered in February 2025 that builds significantly on the destructive Petya/NotPetya malware. It can compromise modern UEFI-based systems and encrypts the Master File Table, and one variant exploits CVE-2024-7344 to bypass UEFI Secure Boot. Although it has not yet been detected in the wild, its design allows decryption keys to be reconstructed, which makes it viable ransomware. It poses a substantial future cybersecurity risk for enterprises and could cause significant operational and financial disruption, echoing the $10 billion impact of NotPetya.
ESET Research has identified a new ransomware strain, HybridPetya, which represents a significant evolution of the destructive Petya/NotPetya malware that caused over $10 billion in damages in 2017. Discovered on VirusTotal in February 2025, this malware is distinguished by its ability to compromise modern UEFI-based systems, a capability its predecessors lacked. Notably, one variant weaponizes the CVE-2024-7344 vulnerability to bypass UEFI Secure Boot, demonstrating a high level of technical sophistication by its creators, who likely reverse-engineered the exploit. Unlike the purely destructive NotPetya, HybridPetya is designed as a viable ransomware tool, as its architecture allows operators to reconstruct decryption keys, creating a direct financial incentive for its deployment. While ESET telemetry confirms the malware has not yet been observed in active campaigns, its existence signals a potent and latent threat to enterprise IT infrastructure, capable of causing severe operational disruption by encrypting the Master File Table (MFT).
Overall sentiment: strongly negative (sentiment score: -0.70)