A new ransomware called HybridPetya has been discovered, combining features of Petya and NotPetya with advanced UEFI-based system capabilities. It encrypts the Master File Table on NTFS partitions and can install a malicious EFI application to compromise UEFI systems. One variant exploits CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. While not yet observed in the wild, HybridPetya demonstrates sophisticated techniques, including UEFI bootkit functionality and Secure Boot bypass. It may be a proof-of-concept, but it highlights the growing trend of UEFI-based threats. The malware allows key reconstruction, potentially functioning as regular ransomware rather than being purely destructive like NotPetya.

Author: AlienVault
Related Tags:
Nyetya
Petrwrap
GoldenEye
Diskcoder.C
ExPetr
NotPetya – S0368
petya
notpetya
uefi
Associated Indicators: