
A new ransomware operation called FunkSec emerged in late 2024, combining AI-assisted attacks with hacktivist-style operations. According to Check Point Research, the group has already claimed over 85 victims across multiple countries, primarily in the U.S., India, Italy, Brazil, Israel, Spain, and Mongolia.
Key Features:
– Double extortion tactics combining data theft and encryption
– Unusually low ransom demands (starting at $10,000)
– Data broker services offering stolen information for $1,000-$5,000
– AI-assisted tool development
– Custom DDoS attack capabilities
The group launched its data leak site in December 2024, operating under a Ransomware-as-a-Service (RaaS) model. Analysis suggests FunkSec consists of novice actors, potentially recycling previously leaked data from hacktivist operations.
Notable Members:
– Scorpion (DesertStorm) – Suspected Algerian operator
– El_farado – Main promoter
– XTN – Data sorting specialist
– Blako – Associate
– Bjorka – Possible affiliate or impersonated identity
Technical Details:
– Latest ransomware version (V1.5) written in Rust
– Origins traced to Algeria
– Sophisticated encryption capabilities
– Ability to disable security controls and delete backups
– Process and service termination features
The group represents a growing trend of hybrid threats, blending traditional cybercrime with hacktivist activities while leveraging AI capabilities for rapid development and deployment of malicious tools.