Kaspersky exposes FunkSec, a ransomware group that has been highly active since the beginning of this year. Using AI and an open “affiliate network”, FunkSec carries out attacks on a large scale.
Marc Rivero from the Kaspersky GReAT research team presented the research at a conference held by the security specialist in Madrid. According to Rivero, FunkSec is living proof that cybercriminals are using AI to carry out attacks on a large scale. But that’s not the only thing that makes FunkSec unique.
FunkSec first appeared in late 2024. The ransomware has spread rapidly since then and has already targeted governments, technology companies, financial institutions, and educational institutions in Europe. Kaspersky examined the ransomware and discovered that large portions of the code were developed using generative AI.
With or without Password
What distinguishes FunkSec from other ransomware is that it combines full-scale encryption, aggressive data theft, and a self-cleaning function in a single program written in Rust. The ransomware can disable more than 50 processes on a victim’s computer.
Additionally, the group uses a password mechanism. Without a password, the malware only performs basic encryption. With a password, the data being encrypted can also be exfiltrated by the criminals.
Everyone an Affiliate
Kaspersky’s researcher concludes that FunkSec uses generative AI to write parts of the code. Ironically, this is evident from ‘imperfections’ and redundant functions in the code. The use of AI allows the attackers to carry out large-scale attacks with FunkSec in an accessible way. It’s just one of the ways cybercriminals are using AI.
Notably, the FunkSec group offers everything for free, both the source code and a ready-to-use proof of concept to execute it. In addition to ransomware, FunkSec has an extensive catalog of hacking tools on its own leak site, such as “password grabbers” and simple tools for DDoS attacks. FunkSec also demands low ransoms and primarily earns money by reselling stolen data.
According to Rivero, this is an “unprecedented” approach. “In principle, anyone can become an affiliate of FunkSec, even those outside the network. Precisely because the code was largely developed with AI, the cost is less important. Building the network and increasing the volume of attacks is the priority”.