HybridPetya Revives Petya Tactics, Hits UEFI Systems
Security researchers have identified HybridPetya, a newly emerged ransomware strain that builds on the destructive legacy of Petya and NotPetya. It combines boot-level attacks with firmware exploitation, targeting systems at their most vulnerable layers. First detected in September 2025, the malware has quickly drawn attention for its ability to compromise the Unified Extensible Firmware Interface (UEFI), an area previously considered more secure than traditional operating systems.
HybridPetya exploits known vulnerabilities, including CVE-2024-7344, to gain privileged access. Once embedded, it bypasses standard security protocols, rendering conventional defenses largely ineffective. Security experts warn that this evolution marks a significant escalation in ransomware capabilities. HybridPetya takes a more aggressive approach than Petya, using firmware-level persistence to lock systems before the operating system boots. This tactic complicates recovery efforts and increases ransom pressure.
