Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

HybridPetya, a new ransomware discovered on VirusTotal, combines features of Petya and NotPetya while adding UEFI system compatibility. It encrypts the Master File Table on NTFS partitions and can compromise UEFI-based systems by installing a malicious EFI application. A variant exploits CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. Unlike NotPetya, HybridPetya allows key recovery, functioning as regular ransomware. While not yet observed in the wild, its technical capabilities, including MFT encryption and Secure Boot bypass, make it noteworthy for future threat monitoring.

Author: AlienVault

Related Tags: notpetya, uefi, secure boot, hybridpetya, cve-2024-7344, mft encryption, T1542.003, T1587.004, T1529

Associated Indicators: