Tortilla

Malware updated 2 months ago (2024-08-14T10:00:03.353Z)

Download STIX

Preview STIX

Tortilla is a variant of the Babuk ransomware, a malicious software that encrypts victims' files and demands a ransom for their release. This malware, like others of its kind, can infiltrate systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can disrupt operations, steal personal information, or hold data hostage for ransom. The Tortilla group based its crypto-locking malware on the leaked Babuk source code, which led to its widespread use and damage. Fortunately, a breakthrough was achieved with the release of a decryptor for the Tortilla variant of Babuk ransomware. This development greatly simplifies the process of decrypting files locked by Tortilla. Avast updated its free Babuk decryptor, which is also available via the No More Ransom portal, to handle Tortilla-encrypted files. Interestingly, Tortilla used a single public/private key pair to encrypt all its victims' files, unlike other groups that generate new keys for each victim. This did not change the encryption schema, making it easier for victims to decrypt their files. In a significant disruption to the Tortilla group's operations, the leader was arrested by Dutch police in Amsterdam following intelligence provided by Cisco’s Talos threat intelligence group. The arrest was subsequently prosecuted by the Dutch Public Prosecution Office. This event marked a major setback for the ransomware attackers, particularly the Tortilla hackers, who had been wreaking havoc with their Babuk-based variant. The arrest has further enabled security experts to build a free decryptor for Tortilla’s victims, alleviating the impact of this particular strain of ransomware.

Description last updated: 2024-08-14T08:49:28.835Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Babuk is a possible alias for Tortilla. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio	4
Babuk Tortilla is a possible alias for Tortilla. Babuk Tortilla is a variant of malware, specifically ransomware, that was first discovered by Cisco Talos researchers in October 2021. This malicious software infiltrates computer systems, often unbeknownst to the user, through suspicious downloads, emails, or websites, and can cause significant har	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Malware

Encryption

Vulnerability

Encrypt

Exploit

Ransom

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The Proxyshell Vulnerability is associated with Tortilla. ProxyShell is a critical vulnerability affecting Microsoft Exchange email servers. It is a software design and implementation flaw that allows attackers to gain unauthorized access to the affected systems. The exploit chain for ProxyShell includes CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207.	Unspecified	2

Source Document References

Information about the Tortilla Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	3 months ago	security-affairs-malware-newsletter-round-5
CERT-EU	9 months ago	Medusa and Akira Rage; Tortilla Disrupted \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	4 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs	7 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs	7 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs	7 months ago	Security Affairs newsletter Round 463 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 462 by Pierluigi Paganini
CERT-EU	2 years ago	Links 14/04/2023: Libreboot 20230413 and Kirigami Addons 0.8.0