HybridPetya Crypto-Locker Outsmarts UEFI Secure Boot
bankinfosecurity
Malware Not Yet Deployed in the Wild, Says Eset
Anviksha More (AnvikshaMore) • September 12, 2025

Researchers at Eset said Friday they spotted a copycat version of the infamous Petya/NotPetya malware that they dub "HybridPetya."
No telemetry exists to suggest HybridPetya has been deployed in the wild yet, and it certainly lacks the aggressive propagation properties of NotPetya, which in 2017 spiraled into a global infection causing $10 billion in damage.
It also differs in one key respect: It can compromise the secure boot feature of Unified Extensible Firmware Interface by installing a malicious application. It joins a list of real or proof-of-concept UEFI bootkits including BlackLotus, Bootkitty and the Hyper-V Backdoor proof of concept.
Attackers prize bootkits since malware at that level can evade detection by antivirus applications and survive operating system ...
Copyright of this story solely belongs to bankinfosecurity.