New Update Babuk Ransomware Decryptor Retrieves Latest Variant’s Infected Files

January 14, 2024
1 min read

TLDR:

The Babuk ransomware decryptor has been updated to allow for the recovery of files infected with the latest ransomware variant. The update was developed by Avast cybersecurity researchers, Cisco Talos, and the Dutch Police. Babuk ransomware is known for targeting Windows systems, encrypting files, and demanding ransom payments. The recently updated Avast Decryptor is free and can restore files encrypted by the Tortilla Babuk variant, which has gained significant attention for its evolving tactics and sophisticated attacks.

The Babuk ransomware decryptor has received an update from Avast cybersecurity researchers, Cisco Talos, and the Dutch Police to allow for the recovery of files infected with the latest ransomware variant. Babuk ransomware initially emerged in early 2021 and is known for targeting Windows systems, encrypting files, and demanding ransom payments. The recently updated Avast Babuk decryption tool can restore the files encrypted by the Tortilla Babuk variant.

The Babuk ransomware gained attention for its evolving tactics and sophisticated attacks. Since its founding, the Avast security company has blocked over 5600 targeted attacks, the majority of which targeted individuals and organizations in Brazil, the Czech Republic, India, the United States, and Germany.

The Babuk ransomware source code was released in September 2021 in the form of a ZIP file on a Russian hacking forum. The recently updated Avast Decryptor is free and can aid the Babuk victims in the Tortilla campaign with a .babyk extension on the encrypted files. The decryptor creation was easy as the encryption scheme remained unchanged from previous analysis, and the Babuk encryptor is likely made from leaked sources and uses a single key for Tortilla threat actor victims.

The updated Avast Decryptor is free for all and helps aid the Babuk victims in the Tortilla campaign. The creators of the ransomware drop a ransom note in every directory of the compromised system, instructing victims on how to restore their files.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and