Incident 897: AI-Assisted Ransomware Campaign by FunkSec Allegedly Targets Over 80 Victims

Description: The FunkSec ransomware group allegedly leveraged AI tools, such as Miniapps chatbots, to develop and refine its ransomware operations, which is reported to have allowed apparently inexperienced actors to produce advanced malware rapidly. It is reported that the group claimed to have launched its data leak site in December 2024, allegedly targeting over 80 victims with ransomware and double extortion tactics. AI reportedly supported the creation of detailed code comments in order to refine the group's technical presentation, while also allegedly facilitating the rapid iteration of its custom encryptor written in Rust.
Editor Notes: Check Point's investigation, published on January 10, 2025, provides further details: https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/.

Tools

New ReportNew ReportNew ResponseNew ResponseDiscoverDiscoverView HistoryView History

Entities

View all entities
Alleged: FunkSec developed an AI system deployed by FunkSec , Scorpion , DesertStorm , El_Farado , Blako , XTN and Bjorka, which harmed FunkSec ransomware targets.
Alleged implicated AI systems: Unknown LLM systems and Miniapps

Incident Stats

Incident ID
897
Report Count
5
Incident Date
2025-01-10
Editors
Daniel Atherton
FunkSec – Alleged Top Ransomware Group Powered by AI - Check Point Research
research.checkpoint.com · 2025

Please see the full investigation at Check Point. This incident report omits figures, graphics, tables, and certain details.

Key Points

  • The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing…
New amateurish ransomware group FunkSec using AI to develop malware
therecord.media · 2025

Researchers have uncovered a new ransomware group that has claimed over 80 victims in just one month --- more than any other threat actor in December.

The group, known as FunkSec, emerged late last year and likely consists of inexperienced …

AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
thehackernews.com · 2025

Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date.

"The group uses double extortion ta…

Emerging FunkSec Ransomware Developed Using AI
securityweek.com · 2025

An emerging ransomware group named FunkSec has risen to fame after claiming responsibility for attacks on more than 80 victims in December 2024, Check Point reports.

FunkSec appears to be involved in both hacktivism and cybercrime activitie…

85 Victims and Counting: What To Know About FunkSec Ransomware
eweek.com · 2025

A new ransomware group, FunkSec, has emerged as a growing concern for its use of artificial intelligence (AI) to enhance its tools. The group just debuted in late 2024 but has already claimed more than 85 victims globally. Researchers at Ch…

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

AI-Generated Profiles Used in Disinformation Campaign Targeting Ukrainians

AI-Generated Profiles Used in Disinformation Campaign Targeting Ukrainians

· 4 reports
The DAO Hack

The DAO Hack

· 24 reports
Hackers Break Apple Face ID

Hackers Break Apple Face ID

· 24 reports
Previous IncidentNext Incident