A new cyber gang called Babuk-Bjorka has emerged earlier this year, ranking third with 167 reported victims in the first quarter of 2025. The group claims to be a reincarnation of the original Babuk ransomware operators who ceased their activities in 2021 after their source code was leaked. However, there is no concrete evidence to support this connection. Experts speculate that the new actor is using the name Babuk to attract media attention and attract partners through a Ransomware as a Service (RaaS) model.
On the other hand, another ransomware group known as FunkSec made its first appearance in December 2024. Since then, the group has claimed responsibility for over 170 attacks, although the credibility of these claims remains uncertain. Research conducted by Check Point Research suggests that the malware used by FunkSec was likely developed with the help of AI tools. This allows for the adaptation and refinement of the malicious code without requiring advanced technical knowledge.
The use of AI significantly lowers the barrier to entry for cyber criminals and enables the deployment of sophisticated ransomware by relatively inexperienced individuals, according to security experts. However, categorizing FunkSec is challenging as the group operates at the intersection of hacktivism and financially motivated crime. This complexity makes it difficult to reliably assess the underlying motives of the group.
Overall, the emergence of Babuk-Bjorka and FunkSec highlights the evolving landscape of cyber threats and the increasing sophistication of ransomware attacks. The use of advanced technologies such as AI poses new challenges for cybersecurity professionals and underscores the importance of proactive measures to protect against such threats. As these cyber gangs continue to evolve and adapt their tactics, it is essential for organizations to stay vigilant and implement robust security measures to safeguard their systems and data from potential attacks.