Tags: malware, high, Ransomware, Secure Boot Bypass, UEFI Bootkit, CVE-2024-7344, HybridPetya, NotPetya

Sep 12, 2025 • ESET WeLiveSecurity

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Source: ESET WeLiveSecurity
Category: malware
Severity: high

Executive Summary

Security researchers have discovered HybridPetya, a new UEFI bootkit variant modeled after the destructive Petya/NotPetya ransomware families. This threat exploits CVE-2024-7344 to bypass UEFI Secure Boot protections, enabling deep system compromise before the operating system loads. HybridPetya was initially identified through VirusTotal submissions, suggesting active development or testing by threat actors. The malware leverages the same encryption and disk-overwriting techniques as its predecessors, which caused massive disruptions in the 2017 NotPetya attacks. Organizations should prioritize UEFI firmware updates to address CVE-2024-7344, enable Secure Boot integrity verification, and implement hardware-based security solutions to detect bootkit activity. This development underscores the evolving sophistication of ransomware-as-a-service tools targeting critical infrastructure.

Summary

UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal

Linked Entities

  • CVE-2024-7344
  • HybridPetya
  • NotPetya
  • Petya