Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
Sept. 15, 2025, 9:28 p.m.
Description
A new ransomware called HybridPetya has been discovered, combining features of Petya and NotPetya with UEFI bootkit capabilities. It encrypts the Master File Table on NTFS partitions and can install a malicious EFI application to compromise UEFI systems. One variant exploits CVE-2024-7344 to bypass UEFI Secure Boot on systems that have not received the corresponding patch. While not yet observed in the wild, HybridPetya demonstrates sophisticated techniques, including UEFI bootkit functionality and a Secure Boot bypass. It may be a proof of concept, but it highlights the growing trend of UEFI-based threats. Unlike NotPetya, which was purely destructive, the malware allows the encryption key to be reconstructed, so it can potentially function as regular ransomware.
Date
- Created: Sept. 15, 2025, 2:12 p.m.
- Published: Sept. 15, 2025, 2:12 p.m.
- Modified: Sept. 15, 2025, 9:28 p.m.
Indicators
Attack Patterns
- NotPetya - S0368
- HybridPetya
- NotPetya