
A new Artificial Intelligence (AI) assisted ransomware operation called FunkSec has been discovered by cyber security researchers. According to Check Point Research, the operation sprang up in late 2024 and the group has already claimed more than 85 victims across multiple countries, including the United States, India, Italy, Brazil, Israel, Spain, and Mongolia. This underscores a concerning shift in how cybercriminals are leveraging artificial intelligence to enhance their attacks.

FunkSec notably uses AI in their malware development, which enables inexperienced threat actors to create sophisticated cyber weapons. The group employs double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms. Unusually, they demand relatively low ransoms, sometimes as low as $10,000, while also selling stolen data to third parties at reduced prices.

In December 2024, FunkSec launched their data leak site (DLS) to centralize their ransomware-as-a-service (RaaS) operations. The site highlights breach announcements, a custom DDoS attack tool, and their customized ransomware. However, researchers have pointed out that their work appears to be recycled from previous hacktivist campaigns.

The technical sophistication and extensive use of AI in FunkSec’s operation are evident in their code. Check Point researchers found that their tools, including the ransomware encryptor, contain extensive code comments in perfect English, likely generated by AI Large Language Model (LLM) agents. The group has also developed an AI chatbot based on Miniapps to support their malicious activities, demonstrating their commitment to leveraging AI across their operations. In some of their published messages, the group specifically linked the development of their ransomware to LLM agents.

Scorpion miniapps chat | Check Point Article

These new threats present a troubling reality for cyber security professionals, where even low-skill threat actors can make use of accessible AI tools to create advanced cyber weapons. FunkSec’s operations blur the line between hacktivism and cybercrime. They also challenge traditional methods of threat assessment and highlight the need for more objective evaluation techniques in the cybersecurity community.
