
Slovak security company ESET discovered crypto-ransomware that compromises PC UEFI firmware and bypasses Secure Boot


ESET Research has discovered HybridPetya, a copycat of the infamous Petya/NotPetya malware that adds the capability of compromising UEFI-based systems and weaponizing CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems.

Late in July 2025, we encountered suspicious ransomware samples, uploaded to VirusTotal from Poland, under various filenames, including notpetyanew.exe and other similar ones, suggesting a connection with the infamously destructive malware that struck Ukraine and many other countries back in 2017. Note that we haven’t obtained the installer responsible for deploying this version with the UEFI Secure Boot bypass, but based on the archive’s contents, which are shown in Figure 11, it would be pretty similar to the process described in the previous section. Note that our blogpost from January 2025 didn’t explain the exploitation in fine detail; thus, the malware author probably reconstructed the correct cloak.dat file format based on reverse engineering the vulnerable application on their own.
