AI Incident Database

Report 4500

Associated Incidents

Incident 8975 Report
AI-Assisted Ransomware Campaign by FunkSec Allegedly Targets Over 80 Victims

85 Victims and Counting: What To Know About FunkSec Ransomware
eweek.com · 2025

A new ransomware group, FunkSec, has emerged as a growing concern for its use of artificial intelligence (AI) to enhance its tools. The group just debuted in late 2024 but has already claimed more than 85 victims globally. Researchers at Check Point Research have highlighted FunkSec's unique approach, which combines novice tactics with advanced AI capabilities to blur the lines between hacktivism and cybercrime.

FunkSec: A Dual-Purpose Cybercriminal Group

FunkSec operates both as a ransomware group and a data broker, making its operations distinct in several ways, including the following:

  • AI-Assisted Tools: The development of the group's encryptor and related malware appears to be AI-driven, enabling rapid iteration despite the developers' limited expertise.
  • Double Extortion Tactics: FunkSec encrypts victim data while threatening to sell it unless a ransom is paid.
  • Low Ransom Demands: Victims face demands as low as $10,000, with stolen data often resold for $1,000 to $5,000.
  • Global Reach: Primary targets include residents of the U.S., India, Italy, Brazil, Israel, Spain, and Mongolia.
  • Hacktivist Links: The group claims to align with political movements like "Free Palestine," attempting to associate itself with defunct hacktivist entities such as Ghost Algeria.

AI Tools and Techniques

Prominent members such as DesertStorm and El_farado have been identified as key players, promoting FunkSec on underground forums. The use of AI tools appears to enable these actors to iterate quickly, despite their apparent lack of technical expertise. FunkSec ransomware's operations are supported by a range of advanced tools:

  • Ransomware-as-a-Service (RaaS): The group centralizes its operations on a data leak site (DLS), offering services to affiliates.
  • Custom Malware: FunkSec's latest ransomware, FunkSec V1.5, is written in Rust and employs AI to automate file encryption and evade security measures.
  • DDoS Attack Capabilities: The group includes tools for distributed denial-of-service (DDoS) attacks, further enhancing its arsenal.

FunkSec Ransomware: A Rising but Questionable Threat

While FunkSec has drawn attention for its AI-enhanced operations and global reach, questions remain about its sustainability and true effectiveness. Check Point Research suggests that FunkSec ransomware relies heavily on repurposed old data leaks, indicating a lack of original hacking innovation.

As cybercrime increasingly integrates AI, organizations must bolster their cybersecurity measures to defend against these evolving threats.
