The FunkSec ransomware group emerged in late 2024, quickly gaining notoriety for claiming over 85 victims in December alone. Utilizing AI-assisted malware development, the group blurs the lines between hacktivism and cybercrime, complicating assessments of their true motivations and capabilities. Their operations raise questions about the authenticity of their claims and the reliability of current threat evaluation methods.
Affected: FunkSec ransomware group
Key points:
- The FunkSec ransomware group surfaced in late 2024, claiming over 85 victims in December.
- They utilize AI-assisted malware development, allowing inexperienced actors to create advanced tools.
- The group’s activities mix hacktivism and cybercrime, complicating the understanding of their motivations.
- Many leaked datasets from FunkSec are recycled from previous hacktivism campaigns, raising authenticity concerns.
- Current threat assessment methods often rely on the claims made by ransomware groups, highlighting the need for objective evaluation techniques.
MITRE Techniques:
- TA0040: Impact – FunkSec employs double extortion tactics, combining data theft with encryption.
- T1486: Data Encrypted for Impact – The group encrypts files on victims’ systems using a custom ransomware.
- T1071: Application Layer Protocol – FunkSec uses various protocols for communication and data exfiltration.
- T1499: Endpoint Denial of Service – FunkSec’s DDoS tool is used to disrupt services as part of their extortion strategy.
- T1203: Exploitation for Client Execution – The ransomware exploits vulnerabilities to gain access to victim systems.
Indicators of Compromise:
- [file hash] c233aec7917cf34294c19dd60ff79a6e0fac5ed6f0cb57af98013c08201a7a1c
- [file hash] 66dbf939c00b09d8d22c692864b68c4a602e7a59c4b925b2e2bef57b1ad047bd
- [file hash] dcf536edd67a98868759f4e72bcbd1f4404c70048a2a3257e77d8af06cb036ac
- [file hash] b1ef7b267d887e34bf0242a94b38e7dc9fd5e6f8b2c5c440ce4ec98cc74642fb
- [file name] dev.exe
- See the full article for the complete list of IoCs.
Full Research: https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/