New HybridPetya ransomware can bypass UEFI Secure Boot

What’s new: A new ransomware strain named HybridPetya has been discovered, capable of bypassing UEFI Secure Boot to install malicious applications on the EFI System Partition. This ransomware is inspired by the earlier Petya/NotPetya malware and utilizes the CVE-2024-7344 vulnerability to execute its payload. HybridPetya encrypts files and demands a ransom of $1,000 in Bitcoin for decryption.

Who’s affected

Windows systems that have not applied the January 2025 Patch Tuesday updates are at risk of HybridPetya attacks, particularly those using UEFI with GPT partitioning.

What to do

  • Ensure all Windows systems are updated with the January 2025 Patch Tuesday security updates to mitigate the CVE-2024-7344 vulnerability.
  • Implement regular offline backups of critical data to facilitate recovery in case of a ransomware attack.
  • Monitor for indicators of compromise related to HybridPetya, available on ESET’s GitHub repository.
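The three steps above can be checked together on a single host. The script below is an added example, not code from the advisory or from ESET: run from an elevated PowerShell prompt, it reports Secure Boot state, lists updates installed on or after the January 2025 Patch Tuesday (14 January 2025), mounts the EFI System Partition, hashes every file under \EFI and matches the hashes against an IoC list. The IoC file path and the drive letter are placeholders you supply; the page gives no HybridPetya hashes, so the list itself must come from ESET's published indicators.

```powershell
# Added example (not from the advisory or ESET): defender-side triage for HybridPetya
# exposure on one Windows host. Run from an elevated PowerShell prompt.
# Assumptions (not from the page): the IoC list is a plain-text file with one SHA-256
# hash per line, populated from ESET's published indicators; both paths are placeholders.
param(
    [string]$IocHashFile = 'C:\ioc\hybridpetya_sha256.txt',  # placeholder path
    [string]$EspDrive    = 'S:'                               # free drive letter for the ESP
)

$PatchTuesday = Get-Date '2025-01-14'   # January 2025 Patch Tuesday

# 1. Firmware posture: UEFI boot with Secure Boot enforced?
#    Confirm-SecureBootUEFI throws on legacy BIOS machines, so treat that as "not applicable".
try {
    $secureBoot = Confirm-SecureBootUEFI
    Write-Host "Secure Boot enabled : $secureBoot"
} catch {
    Write-Host "Secure Boot enabled : N/A (legacy BIOS or query not supported)"
}

# 2. Patch level: any update installed on or after the January 2025 Patch Tuesday?
$recent = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchTuesday }
if ($recent) {
    Write-Host "Updates installed since $($PatchTuesday.ToShortDateString()):"
    $recent | Sort-Object InstalledOn | Format-Table HotFixID, InstalledOn -AutoSize
} else {
    Write-Warning "No updates since $($PatchTuesday.ToShortDateString()); host may still be exposed to CVE-2024-7344."
}

# 3. EFI System Partition: load the IoC hashes, mount the ESP, hash everything under \EFI.
$ioc = @{}
if (Test-Path $IocHashFile) {
    Get-Content $IocHashFile | ForEach-Object {
        $h = $_.Trim().ToUpperInvariant()
        if ($h) { $ioc[$h] = $true }
    }
} else {
    Write-Warning "IoC file $IocHashFile not found; ESP files will be listed but not matched."
}

mountvol $EspDrive /S | Out-Null      # assign a drive letter to the EFI System Partition
try {
    $espFiles = Get-ChildItem -Path "$EspDrive\EFI" -Recurse -File -ErrorAction SilentlyContinue
    foreach ($f in $espFiles) {
        $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        $flag = if ($ioc.ContainsKey($hash)) { 'MATCH' } else { '' }
        '{0,-6} {1}  {2}' -f $flag, $hash, $f.FullName.Substring($EspDrive.Length)
    }

    # EFI binaries outside \EFI\Microsoft and \EFI\Boot are not necessarily malicious
    # (OEM directories are common), but each one should be accounted for.
    $review = $espFiles | Where-Object {
        $_.Extension -ieq '.efi' -and $_.FullName -notmatch '\\EFI\\(Microsoft|Boot)\\'
    }
    if ($review) {
        Write-Warning "EFI binaries outside \EFI\Microsoft and \EFI\Boot (review each):"
        $review | ForEach-Object { "  " + $_.FullName }
    }
} finally {
    mountvol $EspDrive /D | Out-Null  # always release the drive letter
}
```

A MATCH line is a direct hit on a published indicator and should trigger incident-response handling rather than local cleanup; a host with Secure Boot reported as False, or with no updates since the January 2025 cutoff, is exposed regardless of what the ESP scan finds. Hash matching only catches known samples, so the patch and backup steps remain the primary controls.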

Sources