Cyber Security News

FunkSec Ransomware Dominating Ransomware Attacks, Compromised 85 Victims in December

A new ransomware group called FunkSec has emerged as a dominant force in the cybercrime landscape, claiming to have compromised over 85 victims in December 2024 alone.

This unprecedented surge in activity has surpassed all other ransomware groups during the same period, raising concerns among cybersecurity experts and organizations worldwide.

FunkSec, which first surfaced in late 2024, has quickly gained notoriety for its unique approach to ransomware attacks.

The group presents itself as a Ransomware-as-a-Service (RaaS) operation, employing double extortion tactics that combine data theft with encryption to pressure victims into paying ransoms.

What sets FunkSec apart is its apparent use of AI-assisted malware development, enabling even inexperienced actors to produce and refine advanced tools rapidly.

Despite the high number of claimed victims, cybersecurity researchers at Check Point Research (CPR) have raised doubts about the authenticity of FunkSec’s disclosures.

Security analysts at Check Point found that many of the group’s leaked datasets appear to be recycled from previous hacktivism campaigns, suggesting that the actual impact of their operations may be more modest than claimed.


FunkSec’s victims

FunkSec’s victims span multiple continents, with a significant focus on:

  • The United States
  • India
  • Italy
  • Brazil
  • Israel
  • Spain
  • Mongolia
Main risk areas around the world (Source – CheckPoint)

The group has gained attention for demanding unusually low ransoms, sometimes as little as $10,000, and selling stolen data to third parties at reduced prices.

Interestingly, analysis of FunkSec’s activities suggests that the group may be operated by relatively inexperienced actors with ties to hacktivist groups.

The ransomware’s code, which appears to have been developed in Algeria, contains elements that suggest AI assistance in its creation. This use of AI technology has allowed the group to rapidly iterate and improve their tools despite an apparent lack of technical expertise.

The top malware families are listed below:

  • FakeUpdates
  • AgentTesla
  • Androxgh0st
  • Remcos
  • AsyncRat
  • NJRat
  • Rilide
  • Phorpiex
  • Formbook
  • Amadey

FunkSec’s emergence highlights the evolving threat landscape in cybersecurity, where the line between hacktivism and cybercrime is increasingly blurred.

The group has attempted to associate itself with several now-defunct hacktivist groups and appears to target organizations in countries aligned with or supporting Israel.

With ransomware attacks continuing to pose a significant threat to businesses and institutions globally, the rise of AI-assisted groups like FunkSec shows the urgent need for enhanced cybersecurity measures and continued vigilance in the face of evolving digital threats.


Tushar Subhra Dutta
