Cybersecurity experts at ESET have discovered a new malware sample called HybridPetya that is capable of bypassing the UEFI Secure Boot protection mechanism in Windows, NotebookCheck reports.
UEFI Secure Boot verifies the digital signatures of the boot components loaded from disk when the computer is powered on and blocks the execution of unsigned or untrusted code.
HybridPetya first determines whether the infected device boots via UEFI from a GPT-partitioned disk and, if so, bypasses Secure Boot. The malware then modifies, deletes, or adds files on the boot partition, which lets it lock the user out and encrypt the rest of the data on the disk.
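As an added defender-side check (not ESET's or the article's code), the PowerShell script below reports the Secure Boot state and hashes the contents of the EFI System Partition so that later boot-partition tampering of the kind described above shows up as changed, added or removed files. It assumes an elevated session on a UEFI/GPT Windows host, a free S: drive letter, and a baseline path of its own choosing.

```powershell
# Added example, not code from ESET or the article: baseline the EFI System Partition (ESP)
# and later report files that were changed, added or removed, plus the Secure Boot state.
# Assumptions: elevated PowerShell on a UEFI/GPT Windows host; S: is a free drive letter;
# the baseline path below is an arbitrary choice.
param(
    [switch]$Baseline,
    [string]$BaselinePath = "$env:ProgramData\esp-baseline.json"
)

# Secure Boot state: Confirm-SecureBootUEFI throws on legacy-BIOS hosts.
try { $sb = Confirm-SecureBootUEFI } catch { $sb = 'n/a (no UEFI)' }
Write-Host "Secure Boot enabled: $sb"

# Mount the ESP; mountvol's /S switch mounts the EFI System Partition at the given letter.
$esp = 'S:'
mountvol $esp /S | Out-Null
try {
    # SHA-256 of every file under \EFI, keyed by path relative to the ESP root.
    $current = @{}
    Get-ChildItem -Path "$esp\EFI" -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($esp.Length)
        $current[$rel] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }

    if ($Baseline) {
        $current | ConvertTo-Json | Set-Content -Path $BaselinePath
        Write-Host "Recorded $($current.Count) files to $BaselinePath"
    } else {
        $old = @{}
        (Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
            ForEach-Object { $old[$_.Name] = $_.Value }

        $changed = $current.Keys | Where-Object { $old.ContainsKey($_) -and $old[$_] -ne $current[$_] }
        $added   = $current.Keys | Where-Object { -not $old.ContainsKey($_) }
        $removed = $old.Keys     | Where-Object { -not $current.ContainsKey($_) }

        foreach ($f in $changed) { Write-Host "CHANGED $f" }
        foreach ($f in $added)   { Write-Host "ADDED   $f" }
        foreach ($f in $removed) { Write-Host "REMOVED $f" }
        if (-not ($changed -or $added -or $removed)) { Write-Host 'ESP matches baseline' }
    }
} finally {
    # Always unmount the ESP again, even if hashing failed.
    mountvol $esp /D | Out-Null
}
```

Run it once with -Baseline on a known-good, fully patched host, then without the switch on a schedule or during an incident; any unexpected CHANGED or ADDED entry under \EFI is worth a closer look.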
Upon activation, the program displays a message about file encryption and demands a payment of $1,000 in Bitcoin. The text provides a crypto wallet address for transferring funds, as well as instructions to send your own wallet address and the generated installation key to a ProtonMail email address to receive a decryption key.
As of September 12, 2025, ESET has not recorded any real attacks using HybridPetya. Experts suggest that the sample may be a prototype or still in a testing phase prior to distribution.
The vulnerability exploited by this malware was fixed in the January Windows Update (Patch Tuesday, January 2025). Therefore, users who have installed the latest updates are protected from this threat.
It is currently unknown whether HybridPetya is capable of affecting other operating systems, including macOS or Linux.