{"id":221806,"date":"2025-09-13T03:29:54","date_gmt":"2025-09-13T08:29:54","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/09\/new-hybridpetya-ransomware-can-bypass-uefi-secure-boot"},"modified":"2025-09-13T03:29:54","modified_gmt":"2025-09-13T08:29:54","slug":"new-hybridpetya-ransomware-can-bypass-uefi-secure-boot","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/09\/new-hybridpetya-ransomware-can-bypass-uefi-secure-boot","title":{"rendered":"New HybridPetya ransomware can bypass UEFI Secure Boot"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/new-hybridpetya-ransomware-can-bypass-uefi-secure-boot2.jpg\"><\/a><\/p>\n<p>A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition.<\/p>\n<p>HybridPetya appears inspired by the destructive Petya\/NotPetya malware that encrypted computers and prevented Windows from booting in attacks in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/petya-ransomware-skips-the-files-and-encrypts-your-hard-drive-instead\/\" target=\"_blank\" rel=\"nofollow noopener\">2016<\/a> and <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/more-security-firms-confirm-notpetya-shoddy-code-is-making-recovery-impossible\/\" target=\"_blank\" rel=\"nofollow noopener\">2017<\/a> but did not provide a recovery option.<\/p>\n<p>Researchers at cybersecurity company ESET found a sample of HybridPetya on VirusTotal. They note that this may be a research project, a proof-of-concept, or an early version of a cybercrime tool still under limited testing.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. HybridPetya appears inspired by the destructive Petya\/NotPetya malware that encrypted computers and prevented Windows from booting in attacks in 2016 and 2017 but did not provide a recovery option. Researchers at [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1625],"tags":[],"class_list":["post-221806","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-encryption"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/221806","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=221806"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/221806\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=221806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=221806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=221806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}