In a recent report by cybersecurity firm Check Point, a new ransomware group called FunkSec has been identified as the top threat actor in December, with over 80 victims in just one month. The group, consisting of likely inexperienced hackers, has been targeting victims mainly in the U.S., India, Italy, Brazil, Israel, Spain, and Mongolia.
FunkSec has been demanding unusually low ransoms, sometimes as low as $10,000, from its victims and selling stolen data to third parties at discounted prices. Despite the list of victims posted on its website, including a travel booking company, an energy management service, and a company selling household appliances, none of them have publicly confirmed the alleged attacks.
The latest version of FunkSec’s ransomware, named FunkSec V1, was uploaded from Algeria, indicating the likely location of its creator. The use of artificial intelligence in developing the malware suggests a level of sophistication beyond the group’s apparent lack of technical expertise. AI was used to write code comments in perfect English, a stark contrast to the basic English used on the group’s other platforms. Additionally, FunkSec released an AI chatbot to support its operations.
Despite their unclear motivations, FunkSec’s activities seem to align with both hacktivism and cybercrime. In addition to ransomware, the group offers services for distributed denial-of-service (DDoS) attacks, remote desktop management, and password generation — common tools associated with hacktivist activities.
Members of FunkSec have been linked to hacktivist activities in the past, with affiliations to movements like “Free Palestine” and attempts to associate with now-defunct hacktivist entities such as Ghost Algeria and Cyb3r Fl00d. However, researchers believe these associations are more about boosting FunkSec’s credibility by aligning with well-known names rather than indicating direct collaboration.
The authenticity of FunkSec’s leaked datasets has been called into question, as they appear to be recycled from previous hacktivism campaigns. This raises doubts about the legitimacy of their disclosures. Despite their rapid emergence and high number of victims, the true intentions and goals of FunkSec remain unclear. It is crucial for organizations and individuals to remain vigilant and take necessary security measures to protect against such ransomware attacks.