A new variant of the notorious Petya ransomware, dubbed HybridPetya, has been discovered with the capability to bypass UEFI Secure Boot, a critical security feature designed to prevent unauthorized firmware, operating systems, or UEFI drivers from running at boot time. This capability marks a significant evolution in ransomware tactics, as it allows attackers to maintain persistence on infected systems across reboots, complicating detection and removal efforts.
HybridPetya combines traditional ransomware encryption techniques with sophisticated bootloader manipulation, enabling it to execute before the operating system loads. By exploiting vulnerabilities in the UEFI Secure Boot process, the malware can evade security controls that typically protect against boot-level attacks. This makes HybridPetya particularly dangerous for organizations relying on Secure Boot as a defense mechanism.
The ransomware encrypts critical files and demands a ransom payment in cryptocurrency, threatening permanent data loss if the ransom is not paid. Its ability to bypass Secure Boot also means that conventional antivirus and endpoint detection solutions may fail to detect or stop the infection early in the boot process.
Security experts recommend that organizations enhance their security posture by implementing multi-layered defenses, including regular backups, network segmentation, and advanced endpoint protection solutions capable of monitoring firmware-level activities. Additionally, keeping firmware and software up to date and employing threat hunting techniques can help detect and mitigate such advanced threats.
The emergence of HybridPetya underscores the evolving landscape of ransomware threats and the need for continuous innovation in cybersecurity defenses to protect critical infrastructure and sensitive data from increasingly sophisticated attacks.
This news item was published on www.bleepingcomputer.com. Publication date: Fri, 12 Sep 2025 17:20:14 +0000.