Tortilla

Malware updated a month ago (2024-11-29T13:50:21.667Z)
Download STIX
Preview STIX
Tortilla is a variant of the Babuk ransomware, a malicious software that encrypts victims' files and demands a ransom for their release. This malware, like others of its kind, can infiltrate systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can disrupt operations, steal personal information, or hold data hostage for ransom. The Tortilla group based its crypto-locking malware on the leaked Babuk source code, which led to its widespread use and damage. Fortunately, a breakthrough was achieved with the release of a decryptor for the Tortilla variant of Babuk ransomware. This development greatly simplifies the process of decrypting files locked by Tortilla. Avast updated its free Babuk decryptor, which is also available via the No More Ransom portal, to handle Tortilla-encrypted files. Interestingly, Tortilla used a single public/private key pair to encrypt all its victims' files, unlike other groups that generate new keys for each victim. This did not change the encryption schema, making it easier for victims to decrypt their files. In a significant disruption to the Tortilla group's operations, the leader was arrested by Dutch police in Amsterdam following intelligence provided by Cisco’s Talos threat intelligence group. The arrest was subsequently prosecuted by the Dutch Public Prosecution Office. This event marked a major setback for the ransomware attackers, particularly the Tortilla hackers, who had been wreaking havoc with their Babuk-based variant. The arrest has further enabled security experts to build a free decryptor for Tortilla’s victims, alleviating the impact of this particular strain of ransomware.
Description last updated: 2024-08-14T08:49:28.835Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Babuk is a possible alias for Tortilla. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio
4
Babuk Tortilla is a possible alias for Tortilla. Babuk Tortilla is a variant of malware, specifically ransomware, that was first discovered by Cisco Talos researchers in October 2021. This malicious software infiltrates computer systems, often unbeknownst to the user, through suspicious downloads, emails, or websites, and can cause significant har
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Encryption
Vulnerability
Encrypt
Exploit
Ransom
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The Proxyshell Vulnerability is associated with Tortilla. ProxyShell is a vulnerability that affects Microsoft Exchange email servers, posing a significant risk to organizations worldwide. This flaw in software design or implementation allows attackers to exploit the system and gain unauthorized access. Since early 2021, Iranian government-sponsored APT acUnspecified
2
Source Document References
Information about the Tortilla Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
4 months ago
Securityaffairs
5 months ago
CERT-EU
a year ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
7 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
9 months ago
Securityaffairs
9 months ago
Securityaffairs
9 months ago
Securityaffairs
9 months ago
Securityaffairs
10 months ago
CERT-EU
2 years ago