Babuk Tortilla

Malware updated 7 months ago (2024-05-04T20:47:32.527Z)

Download STIX

Preview STIX

Babuk Tortilla is a variant of malware, specifically ransomware, that was first discovered by Cisco Talos researchers in October 2021. This malicious software infiltrates computer systems, often unbeknownst to the user, through suspicious downloads, emails, or websites, and can cause significant harm by stealing personal information, disrupting operations, or holding data for ransom. The Babuk Tortilla decryptor, a tool used to decode files encrypted by this ransomware, is provided by the threat actor behind the attack. It was found that the decryptor used by the threat actors during Babuk Tortilla attacks was inefficient compared to Avast’s recovery key, which allowed affected users a rapid recovery. In January 2024, Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant. This allowed them to extract and share the private decryption key used by the threat actor. The decryptor was likely created from the leaked Babuk source code and the generator. Cisco Talos collaborated with the Dutch National Police and Avast Threat Labs to assist organizations victimized by the Babuk ransomware variant known as "Tortilla". The Tortilla decryptor is an update to the generic one Avast released in 2021 using leaked source code that included Babuk private keys. The saga of the Babuk Tortilla ransomware came to a close following the arrest of an unnamed threat actor in the Netherlands. Post the arrest, Cisco Talos procured a Babuk Tortilla decryptor to help victims recover from a wider variety of Babuk ransomware strains. This decryptor was shared with Avast, which hosts the industry's go-to generic Babuk decryptor, now updated to support Tortilla victims. Despite the arrest and prosecution of the individual behind Babuk Tortilla by the Amsterdam police force and the Dutch Public Prosecution Office, no further details about the case have been published or provided upon request.

Description last updated: 2024-03-15T19:18:41.878Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Tortilla is a possible alias for Babuk Tortilla. Tortilla is a variant of the Babuk ransomware, a malicious software that encrypts victims' files and demands a ransom for their release. This malware, like others of its kind, can infiltrate systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can di	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Babuk Malware is associated with Babuk Tortilla. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio	Unspecified	2

Source Document References

Information about the Babuk Tortilla Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	8 months ago	The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
CERT-EU	10 months ago	What to do with that fancy new internet-connected device you got as a holiday gift
CERT-EU	10 months ago	Amsterdam arrest leads to Babuk Tortilla ransomware decryptor \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	10 months ago	January Patch Tuesday: New year, more Windows bugs
CERT-EU	10 months ago	And that's a wrap for Babuk Tortilla ransomware as free decryptor released • The Register \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	10 months ago	Cyber Security Today, Week in Review for Friday, Jan. 12, 2024 \| IT World Canada News
CERT-EU	10 months ago	Babuk Tortilla ransomware dealt major blow with release of new decryptor – here’s how victims can recover their data \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	10 months ago	Ransomware victims targeted in follow-on extortion attacks
CERT-EU	10 months ago	Decryptor Issued For Babuk Tortilla Ransomware Variant \| #ransomware \| #cybercrime \| National Cyber Security Consulting
Securityaffairs	10 months ago	Decryptor for Tortilla variant of Babuk ransomware released
CERT-EU	10 months ago	Babuk Tortilla ransomware decryptor made available \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	10 months ago	New decryptor for Babuk Tortilla ransomware variant released