2025-01-15 03:08:55 Pacfic
FunkSec Ransomware Group Uses AI for Attacks - 3d
FunkSec, a new ransomware group, has quickly risen to prominence since late 2024, claiming over 85 victims in its first month, more than any other group during the same period. This four-member team operates as a ransomware-as-a-service (RaaS), but has no established connections to other ransomware networks. FunkSec uses a blend of financial and ideological motivations, targeting governments and corporations in the USA, India and Israel while also aligning with some hacktivist causes, creating a complex operational profile. The group employs double extortion tactics, breaching databases and selling access to compromised websites.
A key aspect of FunkSec's operations is their use of AI to enhance their tools, such as developing malware, creating phishing templates, and even a chatbot for malicious activities. The group developed a proprietary AI tool called WormGPT for desktop use. Their ransomware is advanced using multiple encryption methods, and is able to disable protection mechanisms while gaining administrator privileges. They claim that AI contributes to only about 20% of their operations; despite their technical capabilities sometimes revealing inexperience, the rapid iteration of their tools suggests the AI assistance lowers the barrier for new actors in cybercrime.
ImgSrc: securityonline.info
References:
- @screaminggoat - Check Point Research : The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. - 3d
- Malware Analysis, News and Indicators - Latest topics - Malware News article about FunkSec. - 3d
- research.checkpoint.com - FunkSec – Alleged Top Ransomware Group Powered by AI - 3d
- The Hacker News - AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics - 3d
- osint10x.com - New amateurish ransomware group FunkSec using AI to develop malware - 2d
- Cybersecurity News - FunkSec: The Rising Ransomware Group Blurring the Lines Between Cybercrime and Hacktivism - 2d
- securityonline.info - SecurityOnline article on FunkSec. - 2d
- osint10x.com - Threat Actor Interview: Spotlighting on Funksec Ransomware Group - 2d
- training.invokere.com - FunkSec – Alleged Top Ransomware Group Powered by AI - 2d
- Osint10x - Threat Actor Interview: Spotlighting on Funksec Ransomware Group - 2d
- blog.checkpoint.com - Meet FunkSec: A New, Surprising Ransomware Group, Powered by AI - 1d
- @VirusBulletin - Check Point researchers explore FunkSec’s ties to hacktivist activity and provide an in-depth analysis of the group’s public operations and tools, including a custom encryptor. - 1d
- ciso2ciso.com - New Ransomware Group Uses AI to Develop Nefarious Tools – Source: www.infosecurity-magazine.com - 20h
Classification:
- HashTags: FunkSec Ransomware Hacktivism
- Target: Various organizations
- Attacker: FunkSec
- Feature: Ransomware
- Type: Ransomware
- Severity: Medium