September 12, 2025 By Bill Toulas

A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition.
HybridPetya appears to be inspired by the destructive Petya/NotPetya malware, which encrypted computers and prevented Windows from booting in attacks in 2016 and 2017 but did not provide a recovery option.
Researchers at cybersecurity company ESET found a sample of HybridPetya on VirusTotal. They note that this may be a research project, a proof-of-concept, or an early version of a cybercrime tool still under limited testing.
Still, ESET says that its presence is yet another example (along with BlackLotus, BootKitty, and Hyper-V Backdoor) that UEFI bootkits with Secure Boot bypass functionality are a real threat.
HybridPetya incorporates characteristics from both Petya and NotPetya, including the visual style and attack chain of these older malware strains.