HybridPetya: Petya Copycat With UEFI Secure Boot Bypass

September 16, 2025 at 12:00 AM

ESET researchers have identified HybridPetya, a new ransomware variant that imitates the notorious Petya/NotPetya but adds a dangerous twist: the ability to target UEFI-based systems and weaponize CVE-2024-7344 to bypass UEFI Secure Boot on outdated devices.

Key points:

  • Mimics Petya/NotPetya behavior with added UEFI-level compromise
  • Leverages CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems
  • Not actively spreading in the wild at this time
  • At least the fourth known real or proof-of-concept bootkit capable of bypassing UEFI Secure Boot

For more detail, watch the video with ESET Chief Security Evangelist Tony Anscombe and read the full blog post.

Source: WeLiveSecurity
