January 10, 2024 at 06:34AM
Cisco Talos released a decryptor for the Tortilla variant of Babuk ransomware, enabling victims to regain file access. The cybersecurity firm shared intelligence that led to the arrest of the threat actor. Avast also obtained the encryption key, updating its decryptor for all Tortilla victims. Meanwhile, Security Research Labs unveiled Black Basta Buster to recover files affected by Black Basta ransomware.
From the meeting notes:
– Cisco Talos released a decryptor for the Babuk ransomware variant Tortilla, allowing victims to regain access to their files.
– Dutch law enforcement arrested the threat actor behind the operations, thanks to threat intelligence shared by Cisco Talos.
– Avast has been provided with the encryption key and updated the decryptor for Tortilla ransomware. The decryptor is available as an EXE file.
– The Tortilla campaign, leveraging ProxyShell flaws in Microsoft Exchange servers, was first disclosed by Talos in November 2021.
– Several ransomware variants, including Rook, Night Sky, Pandora, and others, are based on the leaked Babuk source code.
– German cybersecurity firm SRLabs released a decryptor called Black Basta Buster for Black Basta ransomware, allowing partial or full file recovery.
Note: Bleeping Computer reported that the Black Basta developers fixed the issue, preventing the decryptor tool from working with newer infections.