UEFI Secure Boot Failing, as Expected for Nearly 15 Years Already (Techrights Said This Since 2012)

posted by Roy Schestowitz on Sep 13, 2025

Today in the media:

HybridPetya: More proof that Secure Boot bypasses are not just an urban legend

A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads.

ESET researchers discovered the ransomware-bootkit combo after samples were uploaded to VirusTotal in February, and named it HybridPetya because of its similarities to the infamous Petya and NotPetya malware strains.
New HybridPetya ransomware can bypass UEFI Secure Boot

A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition.
HybridPetya Crypto-Locker Outsmarts UEFI Secure Boot

No telemetry exists to suggest HybridPetya has been deployed in the wild yet and it certainly lacks the aggressive propagation properties of NotPetya, which in 2017 spiraled into a global infection causing $10 billion in damage.

It also differs in one key respect: It can compromise the secure boot feature of Unified Extensible Firmware Interface by installing a malicious application. It joins a list of real or proof of concept UEFI bootkits including BlackLotus, Bootkitty and the Hyper-V Backdoor proof of concept.

Other Recent Techrights' Posts

The Solicitors Regulation Authority (SRA) Delusion - Part IV - Machos in Charge of the House (and System), Even If the Faces Are Female (Optics): basically a Windows/Microsoft (US) shop
Brett Wilson LLP Seems to Have Done for Roberto Foa What It Did a Year Earlier for the Serial Strangler from Microsoft: Repeat abusers (of the legal system) will misuse it as long as regulators do nothing
Where We Stand With the Winter Series: We'll need to protect names and sources
Gemini Links 10/02/2026: "The Last Messiah", Discord for Adults: Links for the day
Mobbing at the European Patent Office (EPO) - Part V - Strongest Strike Under António Campinos: SUEPO Munich is also reminding people of the threat of PIPs
GNU/Linux May Have Grown to 7% in Equatorial Guinea: Has there been some kind of mass migration there or is this just noise in the data?
GNU/Linux at 3.99% in Australia: now that Australians can no longer keep Vista 10
Microsoft Windows Falling: analytics.usa.gov Shows Rapid Erosion of Windows Market Share Since 'End of 10' (Vista 10)
Microsoft Windows Hits All-Time Low in The Netherlands in 2026: Europe needs to rid itself or wean itself off GAFAM
SRA: SLAPPs From Russian War Criminals and American Men Who Strangle Women Are Acceptable: The SRA, by inaction, is complicit in this
From Weber Shandwick (Microsoft PR) to Brett Wilson LLP (Hired Gun of the Serial Strangler of Microsoft): they basically tried to charge me a lot of money for a PR project of someone who strangled women
The Solicitors Regulation Authority (SRA) is Not a Regulator, It's Part of the Litigation "Industry" in the UK (They Overlap Each Other): Does nothing except talk about SLAPPs
In Finland, Microsoft Falls Behind Yandex (Russia): Bing has had many layoffs in recent years
Security More Advanced in Geminispace Than on the Web (Bloat): For real security, use Geminispace capsules, not Web sites
Slop at Microsoft is a Miserable Failure, Now Microsoft Takes the "Vista Route" (Paying People to Say Good Things About It): This is brainwash, it's meant to delay the implosion of the bubble
Rumours About February 2026 Microsoft Layoffs: Silent Layoffs or 30,000 Culled Tomorrow: Sooner or later (and soon) Microsoft will need to say something and file some WARN notifications
GNU/Linux at 12% in Guam, Based on statCounter (Compared to 2-3% a Year Ago): Guam's "uptick" in GNU/Linux usage started weeks after "end of 10"
Fighting Slop With the Public Domain (and Why Slopfarms Perish Faster Than New Ones Appear): We can combat the nonsense by producing more human-made works until the slop bubble implodes
After Employee Reviews at IBM Staff Expects Another Large Wave of PIPs and "RAs" (Layoffs): From what we can see in the "public Web"
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, February 09, 2026: IRC logs for Monday, February 09, 2026
Is Europe Abandoning Digital Opium?: GAFAM-controlled social control media
Microslop is Slop, Slop is Considered "Quality": no wonder Microsoft's stuff breaks down so often
thelayoff.com Deletes On-Topic Discussions (Layoffs) While Leaving in Tact Pro-Corporate Trolling Made by LLMs (Slop): Who at thelayoff.com deems spam made by LLMs (slop) to be on-topic and unworthy of zapping, whereas actually on-topic and authentic threads get routinely deleted?
Gemini Links 09/02/2026: Great Salt Lake Ecological Observatory and Offpunk 3.0 "A Community is Born" Release: Links for the day
Links 09/02/2026: Mass Plagiarism and Pollution/FakeCoin Company Nvidia Contacted Anna’s Archives, Narges Mohammadi Gets Second Prison Sentence: Links for the day
Links 09/02/2026: Russia Intentionally Killing Civilians, Jimmy Lai Effectively Sentenced for Life for Publishing News: Links for the day
Microsoft Competitions, Addictions, and Popularity Contests Are Not Going to Help Perl, They'll Waste Everybody's Time and Give Microsoft More Control Over Its Competition: Microsoft does not like Perl
A Can of WORMS - Part IV - They Would Even Attack RMS for Criticising Autocrats (Saying This is "Politics"): Conforming to society's perceived expectations isn't how effective activism can ever be done or was ever done in the recent past
Gemini Links 09/02/2026: The Exploration Myth and Making JavaScript Fun: Links for the day
EPO Outrage and Maintaining the Pressure: A vending machine does not fall over after a first push
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, February 08, 2026: IRC logs for Sunday, February 08, 2026
"Low Performer" and "Underperformer" as Harmful Misnomers That Damage a Company's Reputation: Misnomers need to be avoided or called out
Expensive errors: Forbes Gold price, $44 billion Bitcoin given away by Bithumb, South Korea: Reprinted with permission from Daniel Pocock
Links 08/02/2026: Microsoft OSI (Openwashing Lobby) in Europe, Raised Against Social Control Media Provocateurs in EU: Links for the day
The Open Source Initiative (OSI) Lobbies for Microsoft in the EU, Promoting Proprietary Lock-in: OSI pushing and selling Microsoft and GitHub. OSI is Microsoft front group.
Getting the European Court of Justice to Annul the Illegal and Unconstitutional Unified Patent Kangaroo Court (UPC): We're still working on it
Finland's Dependence on GAFAM (US) Needs to be Lessened, EU Must Follow This Path: It's unwise to make one's entire national infrastructure (computer systems) dependent on a regime which compares its black citizens to monkeys and assassinates nonviolent dissenters
Links 08/02/2026: Microsoft GitHub as Burden on Developers and "The Chomsky Epstein Files": Links for the day
Gemini Links 08/02/2026: "Doing Not Much Tweaking" and "Reclaiming Digital Agency": Links for the day
Forbes: BitCoin, Cryptocurrency pages removed from investment database, links stop working: Reprinted with permission from Daniel Pocock
Bitcoin warning followed immediately by network outage: Reprinted with permission from Daniel Pocock
Money Funneled to Protection of Software Freedom, But Nothing Really Lost: Crossposted from personal site
They Tell Us Slop Replaces Workers, But the Reality Is, US Debt Has Surged 2,300 Billion Dollars in Six Months (the Economy is Collapsing): Oligarchy already entertains the option of running away to (or colonising) some other planet without pitchforks and "unwashed masses"
Mozilla Firefox Sinks to Just 1.5% in the United States: According to analytics.usa.gov
We're Still Fast: The site is even faster than the BBC's despite being on shoestring budget with only a small technical team
Gemini Protocol is Not a Waste of Time of Effort: We see more and more GNU/Linux- or BSD-focused bloggers turning to Gemini
Our Gemini Protocol Support Turns 5 Today: today is a rare anniversary for us
In Today's World, One Must be Tough and Principled to Get Ahead Morally: But not financially (sellouts)
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, February 07, 2026: IRC logs for Saturday, February 07, 2026
The Right Wing in the United States Does Not Support Free Speech, It Supports Its Own Speech: Free speech is often opposed by those who also oppose Free software
IRC is a Lot Better Than Social Control Media (They're Not the Same at All): A good social analogy for IRC is, there are many buildings with a party in each building
Microsoft 'Open' 'AI' is 'Dead Meat': Or 0xDEADBEEF as some geeks might call it
When Identifying "Low Performers" and "PIPs" Aren't About Improving Performance But Reinforcing a Clique in Your Company/Organisation: It's very troubling to see once-respectable brands like IBM and institutions like the EPO resorting to this
Slop and Flop (IBM), Slopfarms and Hybrids (Linuxiac): Did Bobby Borisov assume he would never get caught?
Crowdfunding vs Bitcoins: donations are better investment than digital tulip mania: Reprinted with permission from Daniel Pocock