Emerging Threat: HybridPetya Malware Discovered
Cybersecurity experts at ESET have identified a new form of malware known as HybridPetya, which is capable of circumventing the UEFI Secure Boot mechanism in Windows. NotebookCheck reports on this development.
Typically, UEFI Secure Boot checks the digital certificates of programs loaded from storage when the computer starts up, blocking unauthorized or malicious code from executing.
HybridPetya first checks whether the infected device boots via UEFI with GPT partitioning and, upon confirmation, bypasses Secure Boot. It can then alter, delete, or add files in the boot partition, which lets it encrypt the remaining data on the drive and lock the user out of it.
Once activated, the program displays a message about the encryption of files and demands a payment of $1000 in Bitcoin. The message provides a cryptocurrency wallet address for the transfer, along with instructions to send your wallet address and the generated installation key to a ProtonMail email for receiving the decryption key.
As of September 12, 2025, ESET has not recorded any actual attacks utilizing HybridPetya. Experts suspect that this variant may be a prototype or still in testing before widespread distribution.
The vulnerability exploited by this malware was patched in the January 2025 Patch Tuesday Windows update, so users who have installed the latest updates are protected from this threat.
Currently, it is unknown whether HybridPetya can affect other operating systems, such as macOS or Linux.