UkrVisti

New Cyber Threat: HybridPetya

Experts have discovered a new malware sample, HybridPetya, that can bypass UEFI Secure Boot on Windows systems.

Cybersecurity specialists at ESET have identified a new bootkit-style ransomware known as HybridPetya, capable of circumventing the UEFI Secure Boot mechanism on Windows systems. According to NotebookCheck, this could pose a significant threat to users.

Normally, UEFI Secure Boot checks the digital signature of every boot-stage binary (bootloaders, UEFI drivers and applications) that the firmware loads from disk during startup, accepting only code signed by a certificate in the firmware's trusted database (db) and rejecting anything unsigned or listed in the forbidden-signatures database (dbx). This is what stops unauthorized or malicious code from running before the operating system does.

HybridPetya first checks whether the infected machine boots via UEFI from a GPT-partitioned disk, since that is the configuration its bootkit targets. If so, it bypasses Secure Boot and then modifies, deletes, or adds files in the EFI system partition, planting its own boot component. Because that component runs before Windows, it can encrypt the disk's file-system structures and leave the rest of the data on the disk inaccessible.

Once activated, the program displays a message stating that the files have been encrypted and demands a payment of $1000 in Bitcoin. It provides a cryptocurrency wallet address for the transaction and instructs the victim to send their own wallet address together with a generated installation key to a ProtonMail address in order to receive the decryption key.

As of September 12, 2025, ESET had not recorded any real attacks using HybridPetya. The researchers suggest that the sample may be a prototype or still in a testing phase ahead of mass distribution.

The vulnerability that HybridPetya relies on to bypass Secure Boot (tracked as CVE-2024-7344) was addressed in the January 2025 Windows update (Patch Tuesday, January 2025), which revokes the vulnerable signed boot binary through the Secure Boot forbidden-signatures database (dbx). Systems that have that update applied and Secure Boot enabled are therefore protected. The caveat is that the update only helps where Secure Boot is actually enforcing: on a machine with Secure Boot disabled, nothing checks the bootloader's signature and the bootkit can be installed regardless of patch level.
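The following script is an added example, not code from ESET or from this article, showing the checks a practitioner would run on a Windows host given the two paragraphs above: whether the machine boots via UEFI with Secure Boot enforcing, whether the Secure Boot revocation database (dbx) looks populated, and which .efi binaries sit in the EFI system partition and how they are signed. It assumes an elevated PowerShell session, that the drive letter chosen in $EspLetter is free, and that only the EFI\Microsoft and EFI\Boot directories are expected on the ESP; the dbx size threshold is a rule of thumb, not an official value.

```powershell
# Added example (not ESET's or the article's code): host-side sanity checks for
# the preconditions HybridPetya depends on. Run from an elevated PowerShell.
# Assumption: $EspLetter is an unused drive letter to mount the ESP on.

$EspLetter = 'S:'

# 1. Firmware type and Secure Boot state. A legacy-BIOS boot is outside the
#    malware's UEFI/GPT target; Secure Boot disabled means the January 2025
#    revocation provides no protection at all.
"Firmware type     : $env:firmware_type"
try {
    "Secure Boot on    : $(Confirm-SecureBootUEFI)"
} catch {
    "Secure Boot state : unavailable ($($_.Exception.Message))"
}

# 2. Size of the forbidden-signatures database (dbx). A factory-default dbx is
#    tiny; after Microsoft's revocation updates it grows to tens of kilobytes.
#    The 1 KB threshold below is an assumed rule of thumb, not an official value.
try {
    $dbx = Get-SecureBootUEFI -Name dbx
    $verdict = if ($dbx.Bytes.Length -lt 1024) { 'looks unpatched' } else { 'looks updated' }
    "dbx size          : $($dbx.Bytes.Length) bytes ($verdict)"
} catch {
    "dbx               : unreadable ($($_.Exception.Message))"
}

# 3. Mount the EFI System Partition and list every .efi binary with its
#    Authenticode status. Unsigned binaries, or binaries outside the expected
#    EFI\Microsoft and EFI\Boot directories, warrant a closer look.
$expected = @('\EFI\Microsoft\', '\EFI\Boot\')
mountvol $EspLetter /S | Out-Null
try {
    Get-ChildItem -Path "$EspLetter\EFI" -Recurse -Filter *.efi -ErrorAction SilentlyContinue |
        ForEach-Object {
            $rel = $_.FullName.Substring($EspLetter.Length)
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path       = $rel
                Size       = $_.Length
                Modified   = $_.LastWriteTime
                Signature  = $sig.Status
                Signer     = $sig.SignerCertificate.Subject
                Unexpected = -not ($expected | Where-Object { $rel.StartsWith($_, 'OrdinalIgnoreCase') })
            }
        } | Sort-Object Modified -Descending | Format-Table -AutoSize
} finally {
    mountvol $EspLetter /D | Out-Null
}
```

A recently modified or unsigned binary on the ESP is a lead, not proof: legitimate firmware and OEM tools also place files there, so compare against a known-good machine of the same model before drawing conclusions.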

It is currently unclear whether HybridPetya can affect other operating systems such as macOS or Linux.