Nevertheless, the ESET researchers suspect that this may be a research project, a proof-of-concept (PoC) or an early version of a cybercrime tool that is still in a limited testing phase.
How the attack works
According to ESET, the ransomware exploits an already patched vulnerability (CVE-2024-7344) in a signed Microsoft EFI file (reloader.efi). An unsigned malicious file named cloak.dat is then loaded. In this way, integrity checks are bypassed and the malware can be executed even before the operating system starts.
The installer replaces the legitimate Windows bootloader with the vulnerable version. The malware then deliberately crashes the system, forcing a reboot. On boot, the compromised bootloader launches the HybridPetya bootkit and begins MFT encryption.
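The bootloader swap and the dropped cloak.dat described above both leave traces on the EFI system partition (ESP). The following script is an added example, not code from ESET or from the report: it records a hash baseline of a known-good ESP and later flags files that changed or newly appeared; the directory layout, file contents and the "cloak.dat" name check are constructed for illustration.

```python
"""Detect ESP tampering: a bootloader replaced by a different binary and an
unexpected data file dropped beside it. Baseline hashes must come from a
known-good system; here they are constructed inside demo()."""
import hashlib
import tempfile
from pathlib import Path

# File names the report names as dropped artefacts (constructed watch-list).
SUSPICIOUS_COMPANIONS = {"cloak.dat"}


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_baseline(esp_root: Path) -> dict[str, str]:
    """Map relative POSIX path -> SHA-256 for every file on a known-good ESP."""
    return {p.relative_to(esp_root).as_posix(): sha256(p)
            for p in esp_root.rglob("*") if p.is_file()}


def scan_esp(esp_root: Path, baseline: dict[str, str]) -> list[str]:
    """Compare the live ESP against the baseline and return findings."""
    findings = []
    for p in esp_root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(esp_root).as_posix()
        if p.name.lower() in SUSPICIOUS_COMPANIONS:
            findings.append(f"unexpected companion file: {rel}")
        expected = baseline.get(rel)
        if expected is None:
            findings.append(f"file not in baseline: {rel}")
        elif sha256(p) != expected:
            findings.append(f"file changed since baseline: {rel}")
    return sorted(findings)


def demo() -> list[str]:
    """Constructed scenario: a clean ESP, then the same ESP after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        esp = Path(tmp) / "ESP"
        boot = esp / "EFI" / "Microsoft" / "Boot"
        boot.mkdir(parents=True)
        loader = boot / "bootmgfw.efi"
        loader.write_bytes(b"constructed known-good loader")
        baseline = build_baseline(esp)
        # Tampering step: loader swapped for another binary, companion dropped.
        loader.write_bytes(b"constructed vulnerable loader")
        (boot / "cloak.dat").write_bytes(b"constructed payload container")
        return scan_esp(esp, baseline)


if __name__ == "__main__":
    print("\n".join(demo()))
```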