AI-Powered FunkSec Ransomware Strikes 85 Companies with Aggressive Double-Ransom Strategy

FunkSec: New AI-Assisted Ransomware Group Emerges with Hybrid Tactics

A new ransomware operation called FunkSec emerged in late 2024, combining AI-assisted attacks with hacktivist-style operations. According to Check Point Research, the group has already claimed over 85 victims across multiple countries, primarily targeting the U.S., India, Italy, Brazil, Israel, Spain, and Mongolia.

Key Features:
– Double extortion tactics combining data theft and encryption
– Unusually low ransom demands (starting at $10,000)
– Data broker services offering stolen information for $1,000-$5,000
– AI-assisted tool development
– Custom DDoS attack capabilities

The group launched its data leak site in December 2024, operating under a Ransomware-as-a-Service (RaaS) model. Analysis suggests FunkSec consists of novice actors, potentially recycling previously leaked data from hacktivist operations.

Notable Members:
– Scorpion (DesertStorm) – Suspected Algerian operator
– El_farado – Main promoter
– XTN – Data sorting specialist
– Blako – Associate
– Bjorka – Possible affiliate or impersonated identity

Technical Details:
– Latest ransomware version (V1.5) written in Rust
– Origins traced to Algeria
– Sophisticated encryption capabilities
– Ability to disable security controls and delete backups
– Process and service termination features

The group represents a growing trend of hybrid threats, blending traditional cybercrime with hacktivist activities while leveraging AI capabilities for rapid development and deployment of malicious tools.
