Free Decryptor for Black Basta & Babuk’s Tortilla Ransomware Victims Unleashed

January 10, 2024


TLDR:

A decryptor has been released by Cisco Talos for the Tortilla variant of the Babuk ransomware, allowing victims to regain access to their files. This comes after the cybersecurity firm shared threat intelligence with Dutch law enforcement that led to the arrest of the threat actor behind the operations. The decryption key has also been shared with Avast, which had previously released a decryptor for Babuk ransomware. German cybersecurity firm Security Research Labs (SRLabs) has also released a decryptor for Black Basta ransomware that takes advantage of a cryptographic weakness to recover files either partially or fully.

Summary:

A decryptor has been released for the Tortilla variant of the Babuk ransomware, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm, Cisco Talos, shared the threat intelligence they gathered with Dutch law enforcement authorities, which resulted in the arrest of the threat actor behind the operations.

The decryption key has also been shared with Avast, which had previously released a decryptor for the Babuk ransomware after its source code was leaked in September 2021. Avast noted that “a single private key is used for all victims of the Tortilla threat actor,” making the update to the decryptor especially useful for all victims of the campaign.

The Tortilla campaign was first disclosed by Talos in November 2021 and involves the ransomware being dropped within victim environments by exploiting ProxyShell flaws in Microsoft Exchange servers. Tortilla, like other variants such as Rook, Night Sky, Pandora, Nokoyawa, Cheerscrypt, AstraLocker 2.0, ESXiArgs, Rorschach, RTM Locker, and RA Group, bases its file-encrypting malware on the leaked Babuk source code.

In addition to the Tortilla decryptor, German cybersecurity firm Security Research Labs (SRLabs) has released a decryptor for Black Basta ransomware. The decryptor, called Black Basta Buster, takes advantage of a cryptographic weakness to recover files either partially or fully. However, the tool no longer works with newer infections as the Black Basta developers have reportedly fixed the issue.

