Researchers at ESET discovered a new UEFI-based ransomware dubbed HybridPetya. The malware relies on a vulnerability disclosed in January 2025 (CVE-2024-7344) that facilitates a bypass of Secure Boot. If system firmware and the Secure Boot revocation database (DBX) are kept up to date, HybridPetya is not a concern.
HybridPetya renders a system inoperable by encrypting the Master File Table, which holds the metadata for every file on an NTFS-formatted partition. The bootkit also displays a fake CHKDSK message on the victim's screen that reports false information about the "current encryption status", leading the victim to believe that the system is repairing disk errors.
After completing its nefarious task, the malware demands $1000 in Bitcoin to return the infected system to its normal state. A one-time code, provided after the ransom is paid, allows the OS to load and resume operation.
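The opening paragraph states that an up-to-date DBX is the defence against this bootkit's Secure Boot bypass. The following PowerShell check is an added example, not code from ESET's report or from the malware analysis: it confirms Secure Boot is enforcing and parses the DBX variable to see whether a given SHA-256 revocation entry is present. `$RevokedHash` is a placeholder; the page does not publish the hash of the loader covered by CVE-2024-7344, so substitute the value from an authoritative DBX advisory.

```powershell
# Added example: verify Secure Boot enforcement and look up a SHA-256 entry in DBX.
# $RevokedHash is a PLACEHOLDER; replace it with the published hash of the revoked loader.
$RevokedHash = 'PLACEHOLDER_SHA256_OF_REVOKED_EFI_BINARY'

if (-not (Confirm-SecureBootUEFI)) {
    Write-Warning 'Secure Boot is not enabled; DBX entries are not enforced.'
}

# Get-SecureBootUEFI (requires elevation) returns the raw EFI_SIGNATURE_LIST blob in .Bytes
$bytes          = (Get-SecureBootUEFI -Name dbx).Bytes
$Sha256ListGuid = [guid]'c1c41626-504c-4092-aca9-41f936934328'   # EFI_CERT_SHA256_GUID
$hashes         = New-Object System.Collections.Generic.List[string]
$offset         = 0

while ($offset + 28 -le $bytes.Length) {
    # EFI_SIGNATURE_LIST header: SignatureType GUID(16) | ListSize(4) | HeaderSize(4) | SigSize(4)
    $type       = [guid]::new([byte[]]$bytes[$offset..($offset + 15)])
    $listSize   = [BitConverter]::ToUInt32($bytes, $offset + 16)
    $headerSize = [BitConverter]::ToUInt32($bytes, $offset + 20)
    $sigSize    = [BitConverter]::ToUInt32($bytes, $offset + 24)
    if ($listSize -lt 28) { break }                              # malformed list, stop parsing

    if ($type -eq $Sha256ListGuid -and $sigSize -eq 48) {
        $pos = $offset + 28 + $headerSize
        $end = $offset + $listSize
        while ($pos + 48 -le $end) {
            # Each EFI_SIGNATURE_DATA entry: SignatureOwner GUID(16) | SHA-256 digest(32)
            $digest = $bytes[($pos + 16)..($pos + 47)]
            $hashes.Add((($digest | ForEach-Object { $_.ToString('x2') }) -join ''))
            $pos += 48
        }
    }
    $offset += $listSize
}

"DBX contains $($hashes.Count) SHA-256 revocation entries."
if ($hashes -contains $RevokedHash.ToLower()) {
    'Revocation entry for the checked hash is present in DBX.'
} else {
    Write-Warning 'Checked hash NOT present in DBX; apply the latest firmware/DBX update.'
}
```

Run from an elevated PowerShell session on a UEFI system; on legacy BIOS systems the Secure Boot cmdlets raise an error rather than returning data.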