Avast Unveils Updated Babuk Decryptor in Collaboration with Cisco Talos and Dutch Police

Babuk Tortilla ransomware decryptor
Image: Talos Intelligence

In a significant breakthrough in the fight against cybercrime, Cisco Talos, in cooperation with Dutch Police and Avast, has recovered a crucial decryptor for systems affected by the Babuk ransomware variant known as Tortilla. This success story began with the meticulous analysis of the ransomware by Talos and culminated in a triumphant police operation in Amsterdam, leading to the apprehension of the malware’s creator.

Babuk ransomware, notorious for its devastating impact on industries like healthcare, manufacturing, logistics, and public services, emerged in 2021 as a formidable adversary. The ransomware’s versatility across multiple platforms and its ability to disrupt system backups and delete volume shadow copies amplified its threat. The situation worsened when the ransomware’s source code leaked online in September 2021, allowing other cybercriminals to adopt and potentially enhance its capabilities.

The pivotal moment in this saga was the recovery and analysis of the Tortilla decryptor by Cisco Talos. This decryptor, believed to have been created from the leaked Babuk source code, showed that the Tortilla operator had used a single key pair against all victims, which made recovering that key crucial for counteracting the ransomware. Although the original decryptor was slow because of inefficient file system traversal, Talos extracted the private key from it and collaborated with Avast to integrate the key into the generic Avast Babuk decryptor.

The Avast Babuk decryptor, optimized for performance, offers a swift and user-friendly solution for victims. It contains all currently known Babuk keys, providing a comprehensive tool against various Babuk variants, including the Tortilla variant.

Victims of the Babuk Tortilla variant can now access the updated Avast Babuk decryptor through the NoMoreRansom website or Avast’s download page. This development not only aids those affected but also serves as a beacon of hope in the ongoing battle against ransomware.