New HybridPetya Ransomware Targets UEFI Systems, Offers Decryption Option
ESET researchers have discovered a new ransomware strain, HybridPetya, on VirusTotal. This malware echoes the infamous Petya/NotPetya, offering additional capabilities and targeting UEFI-based systems.
HybridPetya's origin remains unknown, and no specific group has been identified as its developer. Although it is not known to be actively spreading, its technical capabilities make it a threat worth monitoring.
The malware can compromise UEFI-based systems and exploit CVE-2024-7344 to bypass UEFI Secure Boot on systems that have not been patched against it. This makes it the fourth known UEFI bootkit with a Secure Boot bypass, following BlackLotus, Bootkitty, and the Hyper-V Backdoor PoC.
Unlike NotPetya, HybridPetya acts as genuine ransomware: decryption of the victim's data is actually possible. Its code for generating victims' personal installation keys appears to be inspired by the RedPetyaOpenSSL PoC.
HybridPetya's discovery is a reminder of the evolving threat landscape. While not currently spreading actively, its capabilities make it noteworthy for future threat monitoring. Organizations should ensure their systems are up-to-date to mitigate potential risks.