Unlock The Fun: Tortilla Ransomware’s Golden Ticket and Black Basta’s Comedy of Errors

Good news, folks! Cisco Talos has served up a delicious course of justice with their Babuk Ransomware Decryptor Release. No more biting your nails over the Tortilla variant; it’s a full-on fiesta for your encrypted files. Meanwhile, Black Basta’s licking its wounds, thanks to their exploited cryptographic flaw. Let’s hear it for cyber superheroes!

Hot Take:

It’s a good day to be a victim of the Tortilla ransomware. Cisco Talos just released the decryptor key, and it’s like finding the golden ticket but for your encrypted files. It’s a rare win in the eternal cat-and-mouse game we play with cyber ne’er-do-wells. Meanwhile, Black Basta’s cryptographic weakness has been exploited, and they’re now the ones crying over spilt milk… or spilled bytes, to be precise.

Key Points:

  • Cisco Talos released a decryptor for the Tortilla variant of Babuk ransomware.
  • The decryption key was shared with Avast, which had previously released a decryptor for Babuk.
  • The Tortilla campaign was first revealed by Talos in November 2021, utilizing ProxyShell flaws in Microsoft Exchange servers.
  • A separate decryptor, this one for Black Basta ransomware, was released by Security Research Labs (SRLabs).
  • Black Basta-encrypted files can be recovered if the plaintext of 64 encrypted bytes is known, although there are size limitations.

Need to know more?

Extra Cheese on the Tortilla

The Tortilla ransomware variant has been giving victims a hard time, but thanks to the knights in shining armor at Cisco Talos, a decryptor has been released. With this key, victims can access their encrypted files, making it a de facto skeleton key for this nasty piece of malware. And guess what? This key was shared with Avast, the cybersecurity equivalent of your favorite neighborhood watch.

ProxyShell? More Like ProxyHell

The Tortilla campaign, first disclosed by Talos in November 2021, took advantage of ProxyShell flaws in Microsoft Exchange servers to drop its ransomware. Just like the worst kind of party guest, it sneaks in through the back door and then causes all sorts of havoc.

Black Basta Busted

Meanwhile, the German cybersecurity firm SRLabs has been playing detective, and they've found a cryptographic weakness in the Black Basta ransomware. They've managed to exploit this flaw and released a decryptor, appropriately named the Black Basta Buster. It's like a superhero punch right to the heart of the ransomware. There are some size limitations, but hey, in the war against ransomware, every decrypted byte counts.
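
Why 64 known plaintext bytes can be enough for recovery, as an added example that is not SRLabs' tool or code from this article. It assumes the weakness is a single 64-byte keystream XORed over every chunk (the article does not describe the mechanism); the toy cipher, function names and sample data are all constructed for illustration.

```python
import hashlib
from collections import Counter
from typing import Optional

CHUNK = 64  # per the article: 64 known plaintext bytes are enough


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_xor_cipher(data: bytes, keystream: bytes) -> bytes:
    """ASSUMED flaw model: the same 64-byte keystream is XORed over every
    chunk. XOR is symmetric, so the same call encrypts and decrypts."""
    return b"".join(xor(data[i:i + CHUNK], keystream)
                    for i in range(0, len(data), CHUNK))


def keystream_from_known(ciphertext: bytes, known: bytes, offset: int) -> bytes:
    """Recover the keystream from 64 known plaintext bytes at an aligned offset."""
    if len(known) != CHUNK or offset % CHUNK:
        raise ValueError("need exactly 64 known bytes at a 64-byte-aligned offset")
    return xor(ciphertext[offset:offset + CHUNK], known)


def keystream_from_zero_run(ciphertext: bytes) -> Optional[bytes]:
    """Heuristic: zero-filled plaintext chunks encrypt to the keystream itself,
    so an aligned ciphertext block that repeats is a keystream candidate."""
    blocks = Counter(ciphertext[i:i + CHUNK]
                     for i in range(0, len(ciphertext) - CHUNK + 1, CHUNK))
    block, count = blocks.most_common(1)[0] if blocks else (None, 0)
    return block if count >= 2 else None


# Constructed sample: a 64-byte header, a zero-filled region, then records.
KEYSTREAM = hashlib.sha512(b"constructed demo keystream").digest()
SAMPLE = (b"SAMPLE-DISK-IMAGE".ljust(CHUNK, b".")
          + bytes(4 * CHUNK)
          + b"constructed record\n" * 10)
ENCRYPTED = toy_xor_cipher(SAMPLE, KEYSTREAM)

if __name__ == "__main__":
    ks = keystream_from_zero_run(ENCRYPTED)
    print("keystream recovered from zero run:", ks == KEYSTREAM)
    print("recovered header:", toy_xor_cipher(ENCRYPTED, ks)[:17])
```

Any candidate keystream should be validated by checking that the decrypted output parses as the expected file type before overwriting anything, and recovery should always run on copies of the encrypted files.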