CyberSecurityBoard
Sponsor Register Login

HybridPetya Ransomware Bypasses Secure Boot

HybridPetya ransomware has emerged as a sophisticated threat capable of bypassing secure boot protections, posing significant risks to enterprise security. This ransomware variant combines features from both Petya and NotPetya strains, enabling it to evade traditional security mechanisms and encrypt critical system files effectively. HybridPetya's ability to circumvent secure boot, a security standard designed to ensure that a device boots using only software trusted by the Original Equipment Manufacturer (OEM), marks a dangerous evolution in ransomware tactics. Enterprises must enhance their defense strategies by implementing advanced detection tools, regular patching, and comprehensive backup solutions to mitigate the impact of such threats. The hybrid nature of this ransomware complicates detection and removal, making it imperative for cybersecurity teams to stay informed about emerging ransomware techniques and update their incident response plans accordingly. This article delves into the technical aspects of HybridPetya, its attack vectors, and recommended mitigation strategies to help organizations bolster their cybersecurity posture against this evolving threat.

This Cyber News was published on www.darkreading.com. Publication date: Tue, 16 Sep 2025 14:55:05 +0000


Cyber News related to HybridPetya Ransomware Bypasses Secure Boot

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
9 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
7 months ago Cybersecuritynews.com
New HybridPetya ransomware can bypass UEFI Secure Boot - A new variant of the notorious Petya ransomware, dubbed HybridPetya, has been discovered with the capability to bypass UEFI Secure Boot, a critical security feature designed to prevent unauthorized firmware, operating systems, or UEFI drivers from ...
2 months ago Bleepingcomputer.com
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs - Researchers have uncovered "LogoFAIL," a set of critical vulnerabilities present in the Unified Extensible Firmware Interface ecosystem for PCs. Exploitation of the vulnerabilities nullify essential endpoint security measures and provide attackers ...
2 years ago Darkreading.com
HybridPetya Ransomware Bypasses Secure Boot - HybridPetya ransomware has emerged as a sophisticated threat capable of bypassing secure boot protections, posing significant risks to enterprise security. This ransomware variant combines features from both Petya and NotPetya strains, enabling it to ...
2 months ago Darkreading.com CVE-2017-0144
New HybridPetya Weaponizing UEFI Vulnerability - A new variant of the notorious Petya ransomware, dubbed HybridPetya, has emerged, exploiting a critical UEFI vulnerability to enhance its attack capabilities. This sophisticated malware leverages the Unified Extensible Firmware Interface (UEFI) flaw ...
2 months ago Cybersecuritynews.com CVE-2024-12345
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
CVSS 9.8 Bootkit Bug in shim.efi - A Microsoft researcher found it-and it's somehow Microsoft's fault. A critical vulnerability in most Linux distributions now has a patch ready. Enterprise users especially need this if booting using HTTP or PXE. So go get it. In today's SB Blogwatch, ...
1 year ago Securityboulevard.com CVE-2023-40547
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
HybridPetya Mimics NotPetya, UEFI Attacks Highlighted - A new ransomware variant named HybridPetya has been identified, mimicking the infamous NotPetya malware's destructive behavior while incorporating advanced UEFI (Unified Extensible Firmware Interface) attack techniques. This evolution in ransomware ...
2 months ago Infosecurity-magazine.com
Linux Distros Hit by RCE Vulnerability in Shim Bootloader - Linux shim, a small piece of code that many major Linux distros use during the secure boot process, has a remote code execution vulnerability in it that gives attackers a way to take complete control of affected systems. All Linux distributions that ...
1 year ago Darkreading.com CVE-2023-40547
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
1 year ago Securityboulevard.com
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com
LogoFail vulnerability affects many Windows and Linux devices - Many commercial computers are vulnerable to a set of vulnerabilities that exploit flaws in the processing of startup logos during boot. ADVERTISEMENT. Security researchers at Binarly have disclosed security vulnerabilities in system firmware used by ...
1 year ago Ghacks.net
CVE-2022-27632 - Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, ...
3 years ago
CVE-2022-28717 - Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini ...
3 years ago
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 year ago Securelist.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
2 years ago Bleepingcomputer.com Qilin Cactus Black Basta
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)