Sep 12, 2025 • ESET WeLiveSecurity
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
A new malware variant identified as HybridPetya has been discovered on VirusTotal, functioning as a copycat of the notorious Petya and NotPetya ransomware...
Executive Summary
HybridPetya is a new ransomware sample discovered on VirusTotal that copies the Petya and NotPetya families: like Petya, it encrypts the NTFS Master File Table so the machine can no longer boot into its operating system. What sets it apart is a UEFI bootkit component. The sample installs its own UEFI application on the EFI System Partition and, on machines that have not received the relevant revocation, gets it executed with Secure Boot enabled by exploiting CVE-2024-7344, a vulnerability in a Microsoft-signed third-party UEFI application that loads an unsigned payload from a custom-format file without verifying it. Because the malicious code runs before the operating system, reinstalling the OS without wiping the EFI System Partition does not remove it. Note that deploying the bootkit requires write access to the EFI System Partition, so this is a post-compromise technique: the Secure Boot bypass matters to an attacker who already holds administrative privileges and wants code that the firmware will launch despite signature enforcement. No threat actor has been attributed to the sample, but the technique shows a level of capability beyond most commodity ransomware. The effective mitigation is not a firmware update by itself but the UEFI revocation list (dbx) update: Microsoft added the vulnerable signed binaries to dbx in its January 2025 Patch Tuesday release, and a system carrying that revocation will refuse to start the application the bootkit relies on. Organizations should confirm that the CVE-2024-7344 revocation has actually landed in dbx on their fleet, keep Secure Boot enforced, and inventory the EFI System Partition for UEFI binaries that do not belong there.
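Two of the checks above can be scripted. The following is an added example written for this page (it is not ESET's code and is not derived from the HybridPetya sample): it parses a raw dump of the UEFI dbx variable as a sequence of EFI_SIGNATURE_LIST structures, reports which of a given set of revocation hashes are absent, and inventories a mounted EFI System Partition for .efi files outside the directories a stock Windows install uses. The dump commands in the docstring, the expected ESP directories, and every hash and GUID in the sample data are assumptions or constructed placeholders; the real digests to compare against come from Microsoft's dbx update for CVE-2024-7344.

```python
"""UEFI dbx revocation check and EFI System Partition (ESP) inventory.

Added example, not code from ESET or from the HybridPetya sample. Assumes a raw
dump of the dbx variable already exists on disk, for instance (assumption):
  Windows:  Get-SecureBootUEFI -Name dbx -OutputFilePath dbx.bin
  Linux:    tail -c +5 /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f > dbx.bin
(the Linux efivars file starts with a 4-byte attribute word that is stripped).
"""
import hashlib
import os
import struct
import tempfile
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification. Each entry is the SHA-256
# Authenticode digest of a PE image; firmware refuses to start a matching image.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# Constructed placeholder SignatureOwner GUID for the sample data (not a real one).
SAMPLE_OWNER_GUID = uuid.UUID("00000000-0000-0000-0000-0000000000aa")
# Directories where a stock Windows ESP legitimately keeps *.efi files (assumption).
EXPECTED_ESP_DIRS = ("efi/boot/", "efi/microsoft/boot/")


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner, data) for every entry in a concatenation
    of EFI_SIGNATURE_LIST structures, which is how db and dbx are stored."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob):
            raise ValueError("inconsistent SignatureListSize")
        body = blob[off + 28 + hdr_size:off + list_size]
        if sig_size < 16 or len(body) % sig_size:
            raise ValueError("inconsistent SignatureSize")
        for i in range(0, len(body), sig_size):
            entry = body[i:i + sig_size]
            yield sig_type, uuid.UUID(bytes_le=entry[:16]), entry[16:]
        off += list_size


def revoked_sha256_hashes(blob: bytes) -> set:
    """All SHA-256 image digests present in a dbx dump, as lowercase hex."""
    return {data.hex() for t, _, data in parse_signature_lists(blob)
            if t == EFI_CERT_SHA256_GUID and len(data) == 32}


def missing_revocations(blob: bytes, expected) -> list:
    """Expected revocation digests that are NOT in dbx. A non-empty result means
    the machine still trusts a binary it was supposed to block."""
    present = revoked_sha256_hashes(blob)
    return sorted(h.lower() for h in expected if h.lower() not in present)


def build_sha256_list(hashes) -> bytes:
    """Encode one EFI_SIGNATURE_LIST of SHA-256 entries (used here only to
    construct the sample dbx; the byte layout is the one firmware stores)."""
    entries = b"".join(SAMPLE_OWNER_GUID.bytes_le + bytes.fromhex(h) for h in hashes)
    return (EFI_CERT_SHA256_GUID.bytes_le
            + struct.pack("<III", 28 + len(entries), 0, 16 + 32)
            + entries)


def unexpected_efi_binaries(esp_root: str) -> list:
    """(relative path, file SHA-256) of *.efi files outside EXPECTED_ESP_DIRS on
    a mounted ESP. The file hash is for inventory and IOC matching only; it is
    not the Authenticode digest that dbx entries contain."""
    findings = []
    for dirpath, _, files in os.walk(esp_root):
        for name in files:
            if not name.lower().endswith(".efi"):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, esp_root).replace(os.sep, "/").lower()
            if not rel.startswith(EXPECTED_ESP_DIRS):
                with open(full, "rb") as f:
                    findings.append((rel, hashlib.sha256(f.read()).hexdigest()))
    return sorted(findings)


# Constructed sample data: two digests present in dbx and one that is not.
REVOKED_A = "11" * 32
REVOKED_B = "22" * 32
NOT_REVOKED = "33" * 32
SAMPLE_DBX = build_sha256_list([REVOKED_A]) + build_sha256_list([REVOKED_B])


def demo_esp_scan() -> list:
    """Build a throwaway ESP layout with one stray loader and scan it."""
    root = tempfile.mkdtemp()
    for rel, content in (("EFI/Microsoft/Boot/bootmgfw.efi", b"MZ-legit"),
                         ("EFI/Boot/bootx64.efi", b"MZ-fallback"),
                         ("EFI/Tools/loader.efi", b"MZ-stray")):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(content)
    return unexpected_efi_binaries(root)


if __name__ == "__main__":
    print("dbx SHA-256 entries:", len(revoked_sha256_hashes(SAMPLE_DBX)))
    print("missing revocations:", missing_revocations(SAMPLE_DBX, [REVOKED_A, NOT_REVOKED]))
    print("unexpected on ESP:", demo_esp_scan())
```

To run it against a real machine, replace SAMPLE_DBX with the contents of the dumped dbx.bin, pass the CVE-2024-7344 digests from Microsoft's dbx update to missing_revocations, and point unexpected_efi_binaries at the mounted ESP (mountvol S: /S on Windows, typically /boot/efi on Linux). Anything the ESP scan flags is worth hashing against your threat-intel feeds, and any expected digest missing from dbx means the revocation has not reached that host.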
Summary
UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal
Linked Entities
- HybridPetya
- NotPetya
- Petya
- CVE-2024-7344