{"id":55018,"date":"2024-01-09T13:18:16","date_gmt":"2024-01-09T13:18:16","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/"},"modified":"2024-01-09T13:18:16","modified_gmt":"2024-01-09T13:18:16","slug":"and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/","title":{"rendered":"And that&#8217;s a wrap for Babuk Tortilla ransomware as free decryptor released"},"content":{"rendered":"<p>Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant.<\/p>\n<p>A collaboration between Cisco Talos, Avast, and the Netherlands police led to the development of the new decryptor and the arrest of the criminals behind the variant.<\/p>\n<p>According to Cisco Talos, the Amsterdam police force arrested the individual behind Babuk Tortilla, and the Dutch Public Prosecution Office prosecuted them, although neither institution has published information about the case or responded to <em>The Register&#8217;s<\/em> request for details.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Cisco Talos said it obtained the Babuk Tortilla decryptor and shared it with Avast, which already hosts the industry&#8217;s go-to generic Babuk decryptor, now updated to support Tortilla victims.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>The infosec arm of the networking giant didn&#8217;t mention how it came to possess the decryptor, but said it was likely developed based on the Babuk source code leak from 2021 \u2013 the same leak that helped researchers develop the generic decryptor in the same year.<\/p>\n<p>Analysis of the decryptor, now freely available online, revealed that the operator of the Tortilla variant decided against using a unique private\/public key pairing for each victim, instead using the same in every attack.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Avast said this made the task of updating the generic decryptor to support Tortilla &#8220;straightforward,&#8221; and that the use of a single private key across all victims means every Tortilla victim can benefit from the decryptor.<\/p>\n<p>Rather than simply releasing the decryption software obtained by Cisco Talos to the world, the decision was made to extract the private key and add it to the list of keys supported by the existing decryptor. Simply releasing the decryptor may have exposed organizations to untrusted code, said Vanja Svajcer, outreach researcher at Cisco Talos.<\/p>\n<p>The obtained decryption software is also slow and less efficient than Avast&#8217;s decryptor, we&#8217;re told, because of the way in which it traverses the file system.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Organizations can download the updated decryptor from <a target=\"_blank\" href=\"https:\/\/www.avast.com\/ransomware-decryption-tools#babuk\" rel=\"nofollow noopener\">Avast<\/a> or the Europol-run <a target=\"_blank\" href=\"https:\/\/www.nomoreransom.org\/en\/decryption-tools.html\" rel=\"nofollow noopener\">No More Ransom project<\/a>, which also hosts a plethora of decryptors for other ransomware families.<\/p>\n<h3 class=\"crosshead\">Babuk&#8217;s background<\/h3>\n<p>The Babuk ransomware family emerged in 2020 or 2021, depending on which security vendor you ask, and is described as &#8220;a highly advanced form of ransomware developed for multiple platforms, such as Windows and Arm for Linux&#8221; by SentinelOne.<\/p>\n<p>Babuk is responsible for attacks on the healthcare and manufacturing sectors, as well as <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/04\/27\/washington_dc_police_ransomware\/\" rel=\"noopener\">critical infrastructure<\/a>, and its 2021 source code leak led to the emergence of various other ransomware families, all based on leaked Babuk code.<\/p>\n<p>It&#8217;s believed that at least ten other ransomware groups had taken Babuk&#8217;s code and used it to create spinoff families including <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/04\/11\/april_patch_tuesday_ransomware\/\" rel=\"noopener\">Nokoyawa<\/a>, <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/07\/06\/astralocker-ransomware-shutters-operations\/\" rel=\"noopener\">AstraLocker 2.0<\/a>, <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/02\/08\/esxiargs_ransomware_recovery_script\/\" rel=\"noopener\">ESXiArgs<\/a>, <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/10\/24\/cisa_fbi_daixin_ransomware\/\" rel=\"noopener\">Team Daixin<\/a>, and <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/06\/13\/helloxd-ransomware-evolving\/\" rel=\"noopener\">HelloXD<\/a>, among others.<\/p>\n<p>The Tortilla variant, released in 2021, initially targeted Microsoft Exchange servers vulnerable to the <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/08\/12\/git_proxyshell_gigabyte\/\" rel=\"noopener\">ProxyShell exploit<\/a>.<\/p>\n<p>&#8220;The actor used a specific infection chain technique where an intermediate unpacking module is hosted on a pastebin.com clone, pastebin.pl,&#8221; Svajcer <a target=\"_blank\" href=\"https:\/\/blog.talosintelligence.com\/decryptor-babuk-tortilla\/\" rel=\"nofollow noopener\">said<\/a>. &#8220;The intermediate unpacking stage was downloaded and decoded in memory before the final payload embedded within the original sample was decrypted and executed.&#8221;<\/p>\n<p>Avast&#8217;s analysis of the Tortilla ransom note revealed that it uses AES-256 encryption and a ChaCha8 cipher to lock up victims&#8217; files before demanding payment in Monero \u2013 a privacy-focused token that&#8217;s more difficult to trace than Bitcoin.<\/p>\n<p>The note seen by Avast requested a payment of just $10,000 \u2013 a sum that pales in comparison to the <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/01\/03\/ban_ransomware_payments\/\" rel=\"noopener\">current average<\/a> bad guy&#8217;s demand \u2013 although reports elsewhere have seen demands from the group significantly higher, but still well below today&#8217;s norms. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/01\/09\/babuk_tortilla_decryptor_arrests\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Experts&#8217; job made &#8216;straightforward&#8217; by crooks failing to update encryption schema after three years Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-55018","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>And that&#039;s a wrap for Babuk Tortilla ransomware as free decryptor released 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"And that&#039;s a wrap for Babuk Tortilla ransomware as free decryptor released 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-09T13:18:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"And that&#8217;s a wrap for Babuk Tortilla ransomware as free decryptor released\",\"datePublished\":\"2024-01-09T13:18:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/\"},\"wordCount\":612,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/\",\"name\":\"And that's a wrap for Babuk Tortilla ransomware as free decryptor released 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-01-09T13:18:16+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#primaryimage\",\"url\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"And that&#8217;s a wrap for Babuk Tortilla ransomware as free decryptor released\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"And that's a wrap for Babuk Tortilla ransomware as free decryptor released 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/","og_locale":"en_US","og_type":"article","og_title":"And that's a wrap for Babuk Tortilla ransomware as free decryptor released 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-01-09T13:18:16+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"And that&#8217;s a wrap for Babuk Tortilla ransomware as free decryptor released","datePublished":"2024-01-09T13:18:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/"},"wordCount":612,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/","url":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/","name":"And that's a wrap for Babuk Tortilla ransomware as free decryptor released 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-01-09T13:18:16+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZZ2tYTOmPyWaFIU9XaUSqAAAAdQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/and-thats-a-wrap-for-babuk-tortilla-ransomware-as-free-decryptor-released\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"And that&#8217;s a wrap for Babuk Tortilla ransomware as free decryptor released"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55018","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55018"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55018\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55018"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55018"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55018"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}