Cooperation between Cisco Talos and the Dutch police has led to the disabling of the Babuk ransomware's Tortilla variant. The hacker responsible has been arrested, and a broadly usable decryption tool has been discovered.

Recently, the possible mastermind behind Babuk Tortilla was apprehended in Amsterdam. The Tortilla variant of Babuk surfaced soon after the source code of the Babuk ransomware was published on a hacker forum. This variant specifically targeted Microsoft Exchange servers, using ProxyShell exploits to gain access and deploy the ransomware.

Decryptor tool also discovered

In addition, the parties managed to obtain a decryption tool that can be used to recover files encrypted by the variant. According to Cisco Talos security experts, the tool contained a single public/private key pair that was used for all attacks with the Babuk ransomware.

Because that single public/private key pair was used across all Babuk attacks, the existing decryptor can also be applied to the Tortilla variant. Cisco Talos shared its findings with Avast so that Avast could update its decryption tool.
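Why one recovered key pair yields a decryptor that works for every victim: the Go example below is an added illustration, not code from Cisco Talos, Avast or the Babuk source. It assumes a generic hybrid scheme (a fresh AES-256-GCM data key per victim, wrapped with the operator's RSA public key via RSA-OAEP); that construction, the `Bundle` layout and the sample inputs are assumptions for the illustration and are not Babuk's actual design. The point it demonstrates is that when the same operator key pair is reused everywhere, a single private key unwraps every victim's data key, so one decryptor covers all of them.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Bundle is what a recovery tool has per victim in this hypothetical scheme:
// the victim's random data key wrapped to the operator's RSA public key,
// plus the AES-GCM nonce and ciphertext.
type Bundle struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// seal encrypts plaintext under a fresh random AES-256 key and wraps that key
// with the operator's public key (RSA-OAEP). The data key is not kept, so
// recovery requires the matching private key.
func seal(pub *rsa.PublicKey, plaintext []byte) (*Bundle, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	return &Bundle{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// unseal is the decryptor's core step: unwrap the data key with the private
// key, then decrypt the payload. An unrelated private key fails at unwrap.
func unseal(priv *rsa.PrivateKey, b *Bundle) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, b.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, nil)
}

// recoverAll counts how many bundles a single private key decrypts back to
// the expected plaintext. With one operator key pair reused across every
// victim, the one recovered private key restores all of them.
func recoverAll(priv *rsa.PrivateKey, bundles []*Bundle, originals [][]byte) int {
	n := 0
	for i, b := range bundles {
		pt, err := unseal(priv, b)
		if err == nil && bytes.Equal(pt, originals[i]) {
			n++
		}
	}
	return n
}

func main() {
	operator, _ := rsa.GenerateKey(rand.Reader, 2048) // the single reused pair
	other, _ := rsa.GenerateKey(rand.Reader, 2048)    // an unrelated pair
	// Constructed sample inputs standing in for three separate victims.
	originals := [][]byte{[]byte("victim A data"), []byte("victim B data"), []byte("victim C data")}
	var bundles []*Bundle
	for _, p := range originals {
		b, _ := seal(&operator.PublicKey, p)
		bundles = append(bundles, b)
	}
	fmt.Println("recovered with operator key:", recoverAll(operator, bundles, originals))
	fmt.Println("recovered with unrelated key:", recoverAll(other, bundles, originals))
}
```

The contrast in the two `recoverAll` calls is the whole lesson: the decryptor is universal only because the private key is shared across victims. Had each campaign used its own key pair, a recovered key would unlock only that campaign's bundles.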

Although Babuk Tortilla has now been disabled, many other Babuk variants remain in circulation, according to Cisco Talos. These include the Rook, Night Sky, Pandora, Nokoyawa, Cheerscrypt, AstraLocker 2.0, ESCiArgs, Rorschach, RTM Locker, and RA Group variants. Vigilance therefore remains warranted.