
Ransomware developers are now using AI assistance


Illustration: JMiks | Shutterstock

A new ransomware family dubbed FunkSec came to light in late 2024. Security researchers’ analysis of the group revealed that it might be the work of amateur threat actors using AI assistance to quickly improve their malware and other tools despite the apparent lack of technical expertise. So far, FunkSec has claimed more than 85 victims, with the majority located in the U.S., India, Italy, Brazil, Israel, Spain, and Mongolia.

Beyond using AI to develop its arsenal, the group asks for unusually low ransoms, going as low as $10,000, and sells stolen data to third parties at a lower price than other ransomware groups, according to Check Point Research. It launched its data leak site in December 2024 to market its custom distributed denial-of-service (DDoS) tool and its ransomware-as-a-service (RaaS) model, and to call out victims.

A post on a hacker forum announcing Funksec V1.5’s launch. | Source: Check Point Research

The group’s attack activity also walks a thin line between activism and cybercrime. Unlike most ransomware groups, which are driven purely by financial motivation, FunkSec claims to focus on Indian and US targets, aligning itself with the “Free Palestine” movement. The group has also tried aligning itself with hacktivist entities like Ghost Algeria, Cyb3r Fl00d, Scorpion (DesertStorm), El_farado, XTN, Blako, and Bjorka.

The aforementioned cybercrime groups have either promoted FunkSec on dark web forums or are associates using the group’s tools to carry out their own attacks. Interestingly, the ransomware developer also uploaded a part of the latest version of the ransomware, dubbed FunkSec V1.5, to VirusTotal from an Algerian IP address. Similar to other sophisticated ransomware families, FunkSec is also coded in Rust.

Other offerings from FunkSec. | Source: Check Point Research

By analysing comments in the Rust snippet, the researchers pointed out the use of perfect English, as generated by an LLM, in contrast to the more basic English elsewhere in the script. The same pattern emerges in the group’s forum posts about its tools, where the group ran its script through an LLM and posted the output.

The group has also released an AI chatbot based on Miniapps — a platform allowing users to create and use AI apps and chatbots without the restrictions and safety guardrails that come with more popular offerings like ChatGPT and Bing.


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
