Ransomware attacks have dominated headlines for quite some time, with various hacking groups targeting both public and private organizations. Law enforcement agencies have also been actively engaged in covert operations to apprehend those behind these malicious campaigns.
However, the latest news brings a familiar story with a fresh twist: a ransomware group called FunkSec has garnered significant attention after claiming responsibility for more than 80 cyberattacks in December 2024, according to a report from Check Point Software Technologies.
What sets FunkSec apart is its use of a malware developed in the RUST programming language, which was reportedly created by artificial intelligence. Security experts at Check Point suggest that the hackers behind FunkSec may be relatively inexperienced, relying on advanced technology tools to create and distribute their ransomware.
Once deployed, FunkSec begins encrypting crucial files, disabling Windows Defender’s real-time protection, and preventing applications and other logging events. It also restricts PowerShell executions and deletes shadow copy backups. In addition, the malware terminates over 50 essential system processes before locking down files with encryption. Afterward, the attackers demand a relatively low ransom of $10,000 in Cryptocurrency.
In addition to launching direct attacks, FunkSec operates on a ransomware-as-a-service (RaaS) model, providing the tools and infrastructure to other cybercriminals who wish to carry out their own attacks.
Interestingly, FunkSec doesn’t give its victims much time to respond. Instead, it quickly sells the stolen data to interested parties to avoid attracting attention from law enforcement due to high ransom demands or tactics like double or triple extortion. The primary targets of FunkSec thus far have been in India and the United States.
However, not all data leaks associated with this campaign are legitimate. Upon closer inspection, some of the information appears to be sourced from previous attacks by other ransomware groups, including BlackCat and LockBit.
As FunkSec continues to target victims across the globe, it is crucial to remain vigilant, as its reach could soon expand into the Middle East as well.
Ad
Join over 500,000 cybersecurity professionals in our LinkedIn group “Information Security Community”!