Cybersecurity experts from ESET have identified a new malware variant called HybridPetya that can circumvent the UEFI Secure Boot mechanism in Windows. This information was reported by NotebookCheck.
Typically, UEFI Secure Boot checks the digital certificates of programs loaded from storage when the computer is powered on, preventing the execution of unauthorized or malicious code.
HybridPetya first checks whether the infected device boots via UEFI with GPT partitioning; if it does, the malware bypasses Secure Boot. It then alters, deletes, or adds files in the boot partition, encrypting the remaining data on the disk and blocking access to it.
Upon activation, the program displays a message stating that the files have been encrypted and demands a ransom of $1000 in Bitcoin. The note includes the cryptocurrency wallet address for the payment, along with instructions to send the victim's own wallet address and the generated installation key to a ProtonMail address in order to obtain the decryption key.
As of September 12, 2025, ESET has not recorded any actual attacks utilizing HybridPetya. Experts suspect that this sample may be a prototype or still in the testing phase before a wider release.
The vulnerability exploited by this malware was patched in the January Windows update (Patch Tuesday, January 2025). Therefore, users who have installed the latest updates are protected against this threat.
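The article names three conditions that matter for exposure: UEFI firmware, a GPT-partitioned system disk, and the absence of the January 2025 update. The following PowerShell snippet is an added example, not code from ESET or from the article, that reports those three facts for the machine it runs on. It uses only built-in cmdlets (Confirm-SecureBootUEFI, Get-Partition, Get-Disk, Get-HotFix, Get-CimInstance); the KB identifier is a placeholder, since the article does not give one, and must be replaced with the update ID for your Windows build.

```powershell
# Added posture check for the preconditions described in the article.
# Run in an elevated PowerShell session on Windows.
# $ExpectedKb is a placeholder: substitute the January 2025 cumulative update ID for your build.
$ExpectedKb = 'KB<JANUARY-2025-UPDATE-PLACEHOLDER>'

# 1. Secure Boot state. Confirm-SecureBootUEFI returns $true/$false on UEFI systems
#    and throws on legacy BIOS machines, hence the try/catch.
try {
    $secureBoot = Confirm-SecureBootUEFI
    $firmware   = 'UEFI'
} catch {
    $secureBoot = $false
    $firmware   = 'Legacy BIOS (Secure Boot not available)'
}

# 2. Partition style of the disk holding the system drive (GPT is required for UEFI boot).
$systemDisk     = Get-Partition -DriveLetter $env:SystemDrive.TrimEnd(':') | Get-Disk
$partitionStyle = $systemDisk.PartitionStyle

# 3. Whether the named update is listed. Cumulative updates supersede earlier ones,
#    so also record the OS build so it can be compared against the patched build
#    for this edition when the KB itself is not listed.
$patched = [bool](Get-HotFix -Id $ExpectedKb -ErrorAction SilentlyContinue)
$osBuild = (Get-CimInstance Win32_OperatingSystem).BuildNumber

[pscustomobject]@{
    Firmware        = $firmware
    SecureBoot      = $secureBoot
    PartitionStyle  = $partitionStyle
    OsBuild         = $osBuild
    PatchListed     = $patched
    # True when the article's preconditions hold and the update is not confirmed.
    ReviewRequired  = ($firmware -eq 'UEFI' -and $partitionStyle -eq 'GPT' -and -not $patched)
}
```

A result with ReviewRequired set to True does not by itself mean the machine is vulnerable; it means the update could not be confirmed by KB ID and the OS build should be checked against the release notes for the January 2025 update before the host is treated as patched.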
Currently, it is unknown whether HybridPetya can affect other operating systems, including macOS or Linux.