Skip to Content
logologo
AI Incident Database
Open TwitterOpen RSS FeedOpen FacebookOpen LinkedInOpen GitHub
Open Menu
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse

Incident 897: AI-Assisted Ransomware Campaign by FunkSec Allegedly Targets Over 80 Victims

Description: The FunkSec ransomware group allegedly leveraged AI tools, such as Miniapps chatbots, to develop and refine its ransomware operations, which is reported to have allowed apparently inexperienced actors to produce advanced malware rapidly. It is reported that the group claimed to have launched its data leak site in December 2024, allegedly targeting over 80 victims with ransomware and double extortion tactics. AI reportedly supported the creation of detailed code comments in order to refine the group's technical presentation, while also allegedly facilitating the rapid iteration of its custom encryptor written in Rust.
Editor Notes: Check Point's investigation, published on January 10, 2025, provides further details: https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/.

Tools

New ReportNew ReportNew ResponseNew ResponseDiscoverDiscoverView HistoryView History

Entities

View all entities
Alleged: FunkSec developed an AI system deployed by FunkSec , Scorpion , DesertStorm , El_Farado , Blako , XTN and Bjorka, which harmed FunkSec ransomware targets.
Alleged implicated AI systems: Unknown LLM systems and Miniapps

Incident Stats

Incident ID
897
Report Count
5
Incident Date
2025-01-10
Editors
Daniel Atherton

Incident Reports

Reports Timeline

+3
FunkSec – Alleged Top Ransomware Group Powered by AI - Check Point Research
+1
Emerging FunkSec Ransomware Developed Using AI
FunkSec – Alleged Top Ransomware Group Powered by AI - Check Point Research

FunkSec – Alleged Top Ransomware Group Powered by AI - Check Point Research

research.checkpoint.com

New amateurish ransomware group FunkSec using AI to develop malware

New amateurish ransomware group FunkSec using AI to develop malware

therecord.media

AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics

AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics

thehackernews.com

Emerging FunkSec Ransomware Developed Using AI

Emerging FunkSec Ransomware Developed Using AI

securityweek.com

85 Victims and Counting: What To Know About FunkSec Ransomware

85 Victims and Counting: What To Know About FunkSec Ransomware

eweek.com

FunkSec – Alleged Top Ransomware Group Powered by AI - Check Point Research
research.checkpoint.com · 2025

Please see the full investigation at Check Point. This incident report omits figures, graphics, tables, and certain details.

Key Points

  • The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing…
New amateurish ransomware group FunkSec using AI to develop malware
therecord.media · 2025

Researchers have uncovered a new ransomware group that has claimed over 80 victims in just one month --- more than any other threat actor in December.

The group, known as FunkSec, emerged late last year and likely consists of inexperienced …

AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
thehackernews.com · 2025

Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date.

"The group uses double extortion ta…

Emerging FunkSec Ransomware Developed Using AI
securityweek.com · 2025

An emerging ransomware group named FunkSec has risen to fame after claiming responsibility for attacks on more than 80 victims in December 2024, Check Point reports.

FunkSec appears to be involved in both hacktivism and cybercrime activitie…

85 Victims and Counting: What To Know About FunkSec Ransomware
eweek.com · 2025

A new ransomware group, FunkSec, has emerged as a growing concern for its use of artificial intelligence (AI) to enhance its tools. The group just debuted in late 2024 but has already claimed more than 85 victims globally. Researchers at Ch…

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

AI-Generated Profiles Used in Disinformation Campaign Targeting Ukrainians

AI-Generated Profiles Used in Disinformation Campaign Targeting Ukrainians

Feb 2022 · 4 reports
The DAO Hack

The DAO Hack

Jun 2016 · 24 reports
Hackers Break Apple Face ID

Hackers Break Apple Face ID

Sep 2017 · 24 reports
Previous IncidentNext Incident

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

AI-Generated Profiles Used in Disinformation Campaign Targeting Ukrainians

AI-Generated Profiles Used in Disinformation Campaign Targeting Ukrainians

Feb 2022 · 4 reports
The DAO Hack

The DAO Hack

Jun 2016 · 24 reports
Hackers Break Apple Face ID

Hackers Break Apple Face ID

Sep 2017 · 24 reports

Research

  • Defining an “AI Incident”
  • Defining an “AI Incident Response”
  • Database Roadmap
  • Related Work
  • Download Complete Database

Project and Community

  • About
  • Contact and Follow
  • Apps and Summaries
  • Editor’s Guide

Incidents

  • All Incidents in List Form
  • Flagged Incidents
  • Submission Queue
  • Classifications View
  • Taxonomies

2024 - AI Incident Database

  • Terms of use
  • Privacy Policy
  • Open twitterOpen githubOpen rssOpen facebookOpen linkedin
  • ecd56df