Babuk Tortilla

Malware Profile Updated a month ago
Download STIX
Preview STIX
Babuk Tortilla is a variant of malware, specifically ransomware, that was first discovered by Cisco Talos researchers in October 2021. This malicious software infiltrates computer systems, often unbeknownst to the user, through suspicious downloads, emails, or websites, and can cause significant harm by stealing personal information, disrupting operations, or holding data for ransom. The Babuk Tortilla decryptor, a tool used to decode files encrypted by this ransomware, is provided by the threat actor behind the attack. It was found that the decryptor used by the threat actors during Babuk Tortilla attacks was inefficient compared to Avast’s recovery key, which allowed affected users a rapid recovery. In January 2024, Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant. This allowed them to extract and share the private decryption key used by the threat actor. The decryptor was likely created from the leaked Babuk source code and the generator. Cisco Talos collaborated with the Dutch National Police and Avast Threat Labs to assist organizations victimized by the Babuk ransomware variant known as "Tortilla". The Tortilla decryptor is an update to the generic one Avast released in 2021 using leaked source code that included Babuk private keys. The saga of the Babuk Tortilla ransomware came to a close following the arrest of an unnamed threat actor in the Netherlands. Post the arrest, Cisco Talos procured a Babuk Tortilla decryptor to help victims recover from a wider variety of Babuk ransomware strains. This decryptor was shared with Avast, which hosts the industry's go-to generic Babuk decryptor, now updated to support Tortilla victims. Despite the arrest and prosecution of the individual behind Babuk Tortilla by the Amsterdam police force and the Dutch Public Prosecution Office, no further details about the case have been published or provided upon request.
What's your take? (Question 1 of 2)
befa774c-40c7-4093-8e81-cda8c34cd011 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Tortilla
2
Tortilla is a variant of the Babuk ransomware, a malicious software designed to infiltrate systems and encrypt user data, holding it hostage for ransom. It exploits vulnerabilities in computer systems, often entering through suspicious downloads, emails, or websites unbeknownst to the user. Once ins
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
BabukUnspecified
2
Babuk is a form of malware, specifically ransomware, that infiltrates systems often through suspicious downloads, emails, or websites. Once inside, it can cause severe disruptions, steal personal data, or even hold the system's data hostage for ransom. Various versions and variants of Babuk ransomwa
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Babuk Tortilla Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
5 months ago
Cyber Security Today, Week in Review for Friday, Jan. 12, 2024 | IT World Canada News
CERT-EU
5 months ago
Decryptor Issued For Babuk Tortilla Ransomware Variant | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU
4 months ago
What to do with that fancy new internet-connected device you got as a holiday gift
CERT-EU
5 months ago
New decryptor for Babuk Tortilla ransomware variant released
CERT-EU
5 months ago
Ransomware victims targeted in follow-on extortion attacks
CERT-EU
5 months ago
Babuk Tortilla ransomware decryptor made available | #ransomware | #cybercrime | National Cyber Security Consulting
Securityaffairs
5 months ago
Decryptor for Tortilla variant of Babuk ransomware released
CERT-EU
5 months ago
Babuk Tortilla ransomware dealt major blow with release of new decryptor – here’s how victims can recover their data | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU
5 months ago
Amsterdam arrest leads to Babuk Tortilla ransomware decryptor | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU
3 months ago
The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
CERT-EU
5 months ago
January Patch Tuesday: New year, more Windows bugs
CERT-EU
5 months ago
And that's a wrap for Babuk Tortilla ransomware as free decryptor released • The Register | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting