AI-Assisted Ransomware Campaign by FunkSec Allegedly Targets Over 80 Victims
January 10, 2025
The FunkSec ransomware group allegedly leveraged AI tools, such as Miniapps chatbots, to develop and refine its ransomware operations, which is reported to have allowed apparently inexperienced actors to produce advanced malware rapidly. It is reported that the group claimed to have launched its data leak site in December 2024, allegedly targeting over 80 victims with ransomware and double extortion tactics. AI reportedly supported the creation of detailed code comments in order to refine the group's technical presentation, while also allegedly facilitating the rapid iteration of its custom encryptor written in Rust.
- Alleged deployer
- funksec, scorpion, desertstorm, el_farado, blako, xtn, bjorka
- Alleged developer
- funksec
- Alleged harmed parties
- funksec-ransomware-targets
Source
Data from the AI Incident Database (AIID). Cite this incident: https://incidentdatabase.ai/cite/897
Data source
Incident data is from the AI Incident Database (AIID).
When citing the database as a whole, please use:
McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.
Pre-print on arXiv · Database snapshots & citation guide
We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.