AI-Assisted Ransomware Campaign by FunkSec Allegedly Targets Over 80 Victims

January 10, 2025

The FunkSec ransomware group is accused of using AI tools, such as Miniapps chatbots, to enhance its operations. This seemingly enabled less-skilled actors to develop sophisticated malware quickly. FunkSec reportedly launched its data leak site in December 2024, targeting approximately 80 victims with ransomware and double-extortion tactics. AI was instrumental in creating detailed code comments, which refined the group's technical appearance. It also allegedly expedited development of the custom encryptor, which is written in Rust. This incident underscores the importance of implementing trustworthy and safe AI practices through responsible governance. Join us at Project Cerebellum to contribute to the AI incident database and help shape harmonious AI development.

HISPI Project Cerebellum TAIM (Govern) – Provide insights on how to govern AI to prevent incidents like this from recurring in the future.

Matched TAIM controls

Suggested mapping from embedding similarity (not a formal assessment).

Alleged deployer: funksec, scorpion, desertstorm, el_farado, blako, xtn, bjorka
Alleged developer: funksec
Alleged harmed parties: funksec-ransomware-targets

Source

Data from the AI Incident Database (AIID). Cite this incident: https://incidentdatabase.ai/cite/897

When citing the database as a whole, please use:

McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.

We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.