Technical Analysis Strings obfuscation The steps for decrypting a Pikabot string are relatively simple. Each string is decrypted only when required (in other words, Pikabot does not decrypt all strings at once). Pikabot follows the steps below to decrypt a string: Pushes on the stack the encrypted string array. Initializes the RC4 encryption algorithm. The […]
Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. Cisco Talos shared the key with our peers at Avast for inclusion in the Avast Babuk decryptor released in 2021. The decryptor includes all […]