Decryptor released for FunkSec ransomware; Avast works with law enforcement to help victims


FunkSec ransomware victims are getting a break via a decryptor released by cybersecurity experts at Avast.

This week, Avast said it is working with law enforcement agencies to help the alleged 113 victims of the ransomware gang decrypt their files. 

The gang was short-lived, only lasting from December 2024 until March 15. Ladislav Zezula — a malware researcher at Avast’s parent company Gen — wrote that the ransomware “is now considered dead” after emerging in early December. The company did not respond to requests for comment about what caused the actors behind the ransomware to move on. 

The report links to research claiming the FunkSec ransomware was written in part using artificial intelligence. 

“Notably, the authors used AI to create tools and phishing templates, though they emphasize that AI contributes to only about 20% of their operations,” Zezula said. 

The hackers operated like most groups, appending the extension “.funksec” to encrypted files. A ransom note was dropped in every folder. 

The decryptor was shared by the EU’s European Cybercrime Centre and added to its large No More Ransom repository with dozens of ransomware decryptors. Last week, Japanese law enforcement created another decryptor for the Phobos ransomware. 

The FunkSec gang claimed to have attacked institutions across Europe, including several universities in France and other businesses. In January, researchers from cybersecurity firm Check Point said the group likely consisted of inexperienced hackers seeking visibility and recognition because many “of the group’s leaked datasets are recycled from previous hacktivism campaigns.”

The report also supported the earlier theories that FunkSec developers likely used AI in creating the malware. FunkSec demanded relatively minuscule ransoms that at times were as low as $10,000, Check Point said.

The group listed Recorded Future News and a reporter on its leak site following coverage of the group’s emergence but did not claim to have stolen any information.  

Jason Soroko, senior fellow at security firm Sectigo, said the mismatch between polished social engineering and sloppy core malware let analysts unravel the ransomware — illustrating that AI will be able to accelerate cybercrime but also “bake the uniform style and common errors of large language models straight into the malware making reverse engineering easier once defenders recognise those patterns.”

Deepwatch’s Frankie Sclafani added that FunkSec illustrated the power of AI to automate malicious code generation and the crafting of hyper-realistic phishing attacks.
