Babuk Tortilla

Malware updated a month ago (2024-11-29T13:49:33.923Z)
Download STIX
Preview STIX
Babuk Tortilla is a variant of malware, specifically ransomware, that was first discovered by Cisco Talos researchers in October 2021. This malicious software infiltrates computer systems, often unbeknownst to the user, through suspicious downloads, emails, or websites, and can cause significant harm by stealing personal information, disrupting operations, or holding data for ransom. The Babuk Tortilla decryptor, a tool used to decode files encrypted by this ransomware, is provided by the threat actor behind the attack. It was found that the decryptor used by the threat actors during Babuk Tortilla attacks was inefficient compared to Avast’s recovery key, which allowed affected users a rapid recovery. In January 2024, Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant. This allowed them to extract and share the private decryption key used by the threat actor. The decryptor was likely created from the leaked Babuk source code and the generator. Cisco Talos collaborated with the Dutch National Police and Avast Threat Labs to assist organizations victimized by the Babuk ransomware variant known as "Tortilla". The Tortilla decryptor is an update to the generic one Avast released in 2021 using leaked source code that included Babuk private keys. The saga of the Babuk Tortilla ransomware came to a close following the arrest of an unnamed threat actor in the Netherlands. Post the arrest, Cisco Talos procured a Babuk Tortilla decryptor to help victims recover from a wider variety of Babuk ransomware strains. This decryptor was shared with Avast, which hosts the industry's go-to generic Babuk decryptor, now updated to support Tortilla victims. Despite the arrest and prosecution of the individual behind Babuk Tortilla by the Amsterdam police force and the Dutch Public Prosecution Office, no further details about the case have been published or provided upon request.
Description last updated: 2024-03-15T19:18:41.878Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Tortilla is a possible alias for Babuk Tortilla. Tortilla is a variant of the Babuk ransomware, a malicious software that encrypts victims' files and demands a ransom for their release. This malware, like others of its kind, can infiltrate systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can di
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Babuk Malware is associated with Babuk Tortilla. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatioUnspecified
2
Source Document References
Information about the Babuk Tortilla Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
9 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago