HybridPetya Exploits UEFI Vulnerability to Bypass Secure Boot on Legacy Systems
ESET Research has uncovered a sophisticated new ransomware variant called HybridPetya, discovered on the VirusTotal sample sharing platform.
This malware represents a dangerous evolution of the infamous Petya/NotPetya ransomware family, incorporating advanced capabilities to compromise UEFI-based systems and exploit CVE-2024-7344 to bypass UEFI Secure Boot protections on vulnerable systems.
Unlike its predecessors, HybridPetya demonstrates significant technical advancement by targeting modern UEFI-based systems.
The malware installs a malicious EFI application directly onto the EFI System Partition, giving it unprecedented control over the boot process.
This technique allows the ransomware to operate at a lower level than traditional malware, making it extremely difficult to detect and remove using conventional security tools.
The malware’s most concerning feature is its exploitation of CVE-2024-7344, a critical UEFI Secure Boot bypass vulnerability that ESET Research previously disclosed in early 2025.
By leveraging a specially crafted cloak.dat file, HybridPetya can circumvent ...
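The article describes HybridPetya installing its own EFI application onto the EFI System Partition (ESP) and using a cloak.dat file as part of the Secure Boot bypass. A defender's first check is therefore an inventory of the ESP against a known-good baseline. The script below is an added example and is not code from ESET, gbhackers, or the malware; it assumes the ESP is mounted at a path you pass in, uses a baseline dictionary of relative path to SHA-256 that an administrator would record from a clean system, and builds a throwaway directory with constructed file contents so it runs offline. The only identifier taken from the article is the cloak.dat filename; every other name and digest here is constructed for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Filenames the article associates with the bypass; everything else is baseline-driven.
SUSPICIOUS_NAMES = {"cloak.dat"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large bootloaders are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_esp(esp_root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Walk a mounted ESP and report deviations from a known-good baseline.

    Returns four sorted lists of paths relative to esp_root:
      'unexpected' : .efi files that are not in the baseline
      'modified'   : baseline .efi files whose digest no longer matches
      'missing'    : baseline entries that are absent on disk
      'suspicious' : any file whose name is in SUSPICIOUS_NAMES (e.g. cloak.dat)
    """
    findings: dict[str, list[str]] = {"unexpected": [], "modified": [], "missing": [], "suspicious": []}
    seen: set[str] = set()
    for dirpath, _, filenames in os.walk(esp_root):
        for name in filenames:
            full = Path(dirpath) / name
            rel = full.relative_to(esp_root).as_posix()
            if name.lower() in SUSPICIOUS_NAMES:
                findings["suspicious"].append(rel)
            if name.lower().endswith(".efi"):
                seen.add(rel)
                if rel not in baseline:
                    findings["unexpected"].append(rel)
                elif baseline[rel] != sha256_of(full):
                    findings["modified"].append(rel)
    findings["missing"] = [rel for rel in baseline if rel not in seen]
    for paths in findings.values():
        paths.sort()
    return findings


def build_demo() -> tuple[Path, dict[str, str]]:
    """Create a temp directory standing in for a mounted ESP (all contents constructed)."""
    root = Path(tempfile.mkdtemp(prefix="esp_demo_"))
    # Known-good state an admin would have hashed on a clean machine (constructed bytes).
    good = {
        "EFI/Microsoft/Boot/bootmgfw.efi": b"MZ-constructed-known-good-boot-manager",
        "EFI/Boot/bootx64.efi": b"MZ-constructed-known-good-fallback-loader",
        "EFI/ubuntu/shimx64.efi": b"MZ-constructed-known-good-shim",
    }
    baseline = {rel: hashlib.sha256(data).hexdigest() for rel, data in good.items()}
    # Current on-disk state: one loader tampered, shim gone, an extra EFI app and cloak.dat present.
    on_disk = {
        "EFI/Microsoft/Boot/bootmgfw.efi": good["EFI/Microsoft/Boot/bootmgfw.efi"],
        "EFI/Boot/bootx64.efi": b"MZ-constructed-tampered-fallback-loader",
        "EFI/Microsoft/Boot/dropped_example.efi": b"MZ-constructed-unexpected-efi-application",
        "EFI/Microsoft/Boot/cloak.dat": b"constructed opaque payload container",
    }
    for rel, data in on_disk.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root, baseline


def demo_findings() -> dict[str, list[str]]:
    root, baseline = build_demo()
    return scan_esp(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo_findings().items():
        print(f"{kind:10s}: {paths}")
```

In production the baseline would be taken from a freshly provisioned machine and stored off-host, and `scan_esp` would be pointed at the real mount (for example the ESP mounted read-only under `/boot/efi` on Linux, or a drive letter assigned with `mountvol` on Windows). Any entry in `unexpected`, `modified` or `suspicious` is a reason to preserve the partition image for forensics before touching it, since an on-ESP bootkit survives operating-system reinstallation.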
Copyright of this story solely belongs to gbhackers.