Babuk Tortilla

Malware Profile Updated 3 months ago

Download STIX

Preview STIX

Babuk Tortilla is a variant of malware, specifically ransomware, that was first discovered by Cisco Talos researchers in October 2021. This malicious software infiltrates computer systems, often unbeknownst to the user, through suspicious downloads, emails, or websites, and can cause significant harm by stealing personal information, disrupting operations, or holding data for ransom. The Babuk Tortilla decryptor, a tool used to decode files encrypted by this ransomware, is provided by the threat actor behind the attack. It was found that the decryptor used by the threat actors during Babuk Tortilla attacks was inefficient compared to Avast’s recovery key, which allowed affected users a rapid recovery. In January 2024, Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant. This allowed them to extract and share the private decryption key used by the threat actor. The decryptor was likely created from the leaked Babuk source code and the generator. Cisco Talos collaborated with the Dutch National Police and Avast Threat Labs to assist organizations victimized by the Babuk ransomware variant known as "Tortilla". The Tortilla decryptor is an update to the generic one Avast released in 2021 using leaked source code that included Babuk private keys. The saga of the Babuk Tortilla ransomware came to a close following the arrest of an unnamed threat actor in the Netherlands. Post the arrest, Cisco Talos procured a Babuk Tortilla decryptor to help victims recover from a wider variety of Babuk ransomware strains. This decryptor was shared with Avast, which hosts the industry's go-to generic Babuk decryptor, now updated to support Tortilla victims. Despite the arrest and prosecution of the individual behind Babuk Tortilla by the Amsterdam police force and the Dutch Public Prosecution Office, no further details about the case have been published or provided upon request.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Tortilla	2	Tortilla is a variant of the Babuk ransomware, a type of malware that has been causing significant disruptions in the digital world. As a malicious software, Tortilla is designed to infiltrate computer systems without the user's knowledge, typically through suspicious downloads, emails, or websites.

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Avast

Encryption

Talos

Cisco

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Babuk	Unspecified	2	Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the Babuk Tortilla Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
CERT-EU	4 months ago	The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
CERT-EU	6 months ago	What to do with that fancy new internet-connected device you got as a holiday gift
CERT-EU	7 months ago	Amsterdam arrest leads to Babuk Tortilla ransomware decryptor \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	7 months ago	January Patch Tuesday: New year, more Windows bugs
CERT-EU	7 months ago	And that's a wrap for Babuk Tortilla ransomware as free decryptor released • The Register \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	6 months ago	Cyber Security Today, Week in Review for Friday, Jan. 12, 2024 \| IT World Canada News
CERT-EU	6 months ago	Babuk Tortilla ransomware dealt major blow with release of new decryptor – here’s how victims can recover their data \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	7 months ago	Ransomware victims targeted in follow-on extortion attacks
CERT-EU	7 months ago	Decryptor Issued For Babuk Tortilla Ransomware Variant \| #ransomware \| #cybercrime \| National Cyber Security Consulting
Securityaffairs	7 months ago	Decryptor for Tortilla variant of Babuk ransomware released
CERT-EU	7 months ago	Babuk Tortilla ransomware decryptor made available \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	7 months ago	New decryptor for Babuk Tortilla ransomware variant released