What’s new: A new ransomware strain named HybridPetya can bypass UEFI Secure Boot by exploiting CVE-2024-7344, a flaw in a Microsoft-signed third-party UEFI application that loads an unsigned payload with its own PE loader rather than through the firmware’s signature-checked image loading. HybridPetya drops a malicious EFI application onto the EFI System Partition; that application runs before the operating system and encrypts the Master File Table (MFT) of NTFS partitions, after which the system can no longer boot and the victim is shown a demand for $1,000 in Bitcoin. It is significant because the bootkit component survives below the OS and runs on otherwise patched, Secure Boot-enabled UEFI systems whose firmware revocation list (dbx) does not yet contain the vulnerable signed binary.
Who’s affected
Organizations running UEFI-based systems, in practice Windows hosts with NTFS volumes, are at risk if they have not applied the fix for CVE-2024-7344, which Microsoft shipped as a dbx revocation of the vulnerable binary via Windows Update in January 2025. Secure Boot on its own is not a defense here: the bypass works on Secure Boot-enabled machines whose dbx is stale, and machines with Secure Boot disabled need no bypass at all. One caveat for triage: writing to the EFI System Partition requires administrative privileges, so the attacker must already hold elevated access on the host before the bootkit can be installed.
What to do
- Apply current firmware and OS updates, and verify on each host that Secure Boot is enabled and that the dbx contains the revocation for the CVE-2024-7344 binary; a system that is "patched" at the OS level but whose dbx was never updated remains exposed.
- Keep offline, tested backups so that encrypted MFTs and disks can be restored without paying the ransom; a bootkit on the ESP also means the ESP itself should be rebuilt, not restored from an infected image.
- Monitor for writes to the EFI System Partition and for new or modified .efi files, alongside network monitoring for activity that precedes ransomware deployment.
- Train users on phishing and the other initial-access vectors that typically precede a ransomware deployment.
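The first item above, checking whether your dbx actually contains a revocation, is the step most often skipped because the dbx is an opaque blob. The following script is an added example written for this advisory; it is not ESET's, Microsoft's or the malware authors' code. It parses the EFI_SIGNATURE_LIST structures that make up a dbx export and reports whether a given SHA-256 is revoked. Two assumptions: the sample dbx blob and the hash values in it are constructed placeholders, not the hashes of any real binary, and the SHA-256 you look up must be the PE Authenticode hash of the EFI image (which is what dbx stores), not the hash of the raw file. On Windows you can export the blob with `[IO.File]::WriteAllBytes('dbx.bin', (Get-SecureBootUEFI -Name dbx).Bytes)`; on Linux it is readable from `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f`, where efivarfs prefixes four attribute bytes that the script strips.

```python
"""Parse a UEFI dbx (forbidden signatures database) blob and check whether a
given SHA-256 Authenticode hash has been revoked.

Added example for this advisory, not code from ESET, Microsoft or HybridPetya.
SAMPLE_DBX and the hashes inside it are constructed placeholders.
"""
import struct
import sys
import uuid

# Signature type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
KNOWN_TYPES = {EFI_CERT_SHA256_GUID, EFI_CERT_X509_GUID}
# Microsoft's SignatureOwner GUID as seen in db/dbx entries.
MICROSOFT_OWNER = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")

HEADER_LEN = 28  # SignatureType(16) + ListSize(4) + HeaderSize(4) + SignatureSize(4)


def strip_efivarfs_header(blob):
    """efivarfs prepends a 4-byte attributes word; drop it when present."""
    blob = bytes(blob)
    if len(blob) >= 20 and uuid.UUID(bytes_le=blob[:16]) not in KNOWN_TYPES \
            and uuid.UUID(bytes_le=blob[4:20]) in KNOWN_TYPES:
        return blob[4:]
    return blob


def parse_signature_lists(blob):
    """Return [(sig_type, owner, data), ...] for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures."""
    blob = bytes(blob)
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        if list_size < HEADER_LEN or end > len(blob):
            raise ValueError("bad SignatureListSize")
        body = off + HEADER_LEN + hdr_size
        # Each signature is SignatureOwner GUID (16) followed by SignatureData.
        if sig_size <= 16 or (end - body) % sig_size:
            raise ValueError("bad SignatureSize")
        while body < end:
            owner = uuid.UUID(bytes_le=blob[body:body + 16])
            entries.append((sig_type, owner, blob[body + 16:body + sig_size]))
            body += sig_size
        off = end
    return entries


def revoked_sha256_hashes(blob):
    """Set of revoked Authenticode SHA-256 hashes as lowercase hex."""
    return {data.hex() for t, _, data in parse_signature_lists(blob)
            if t == EFI_CERT_SHA256_GUID}


def is_revoked(blob, authenticode_sha256_hex):
    return authenticode_sha256_hex.lower() in revoked_sha256_hashes(blob)


def build_signature_list(sig_type, owner, sigs):
    """Serialize one EFI_SIGNATURE_LIST; used here only to build the sample."""
    sig_size = 16 + len(sigs[0])
    out = sig_type.bytes_le + struct.pack("<III", HEADER_LEN + sig_size * len(sigs), 0, sig_size)
    for s in sigs:
        out += owner.bytes_le + s
    return out


# Constructed sample dbx: two placeholder SHA-256 entries plus one fake X.509 entry.
SAMPLE_DBX = (
    build_signature_list(EFI_CERT_SHA256_GUID, MICROSOFT_OWNER,
                         [bytes.fromhex("11" * 32), bytes.fromhex("22" * 32)])
    + build_signature_list(EFI_CERT_X509_GUID, MICROSOFT_OWNER, [b"not-a-real-cert"])
)


if __name__ == "__main__":
    # Usage: python dbx_check.py dbx.bin <authenticode-sha256-hex>
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            dbx = strip_efivarfs_header(f.read())
        print("revoked" if is_revoked(dbx, sys.argv[2]) else "NOT revoked")
    else:
        print(f"sample dbx holds {len(revoked_sha256_hashes(SAMPLE_DBX))} revoked hashes")
```

A hash that is absent from dbx is not proof the binary is trusted; it only means the firmware will still execute it if it carries a valid signature, which is precisely the gap that HybridPetya relies on.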