FunkSec Ransomware Dominating Ransomware Attacks, Compromised 85 Victims in December

A new ransomware group called FunkSec has emerged as a dominant force in the cybercrime landscape, claiming to have compromised over 85 victims in December 2024 alone.

This unprecedented surge in activity has surpassed all other ransomware groups during the same period, raising concerns among cybersecurity experts and organizations worldwide.

FunkSec, which first surfaced in late 2024, has quickly gained notoriety for its unique approach to ransomware attacks.

The group presents itself as a Ransomware-as-a-Service (RaaS) operation, employing double extortion tactics that combine data theft with encryption to pressure victims into paying ransoms.

What sets FunkSec apart is its apparent use of AI-assisted malware development, enabling even inexperienced actors to produce and refine advanced tools rapidly.

Despite the high number of claimed victims, cybersecurity researchers at Check Point Research (CPR) have raised doubts about the authenticity of FunkSec’s disclosures.

Check Point's analysts found that many of the group's leaked datasets appear to be recycled from previous hacktivism campaigns, suggesting that the actual impact of its operations may be more modest than claimed.

FunkSec’s victims

FunkSec's victims span multiple continents, with a significant concentration in:

  • The United States
  • India
  • Italy
  • Brazil
  • Israel
  • Spain
  • Mongolia

Figure: Main risk areas around the world (Source – Check Point)

The group has gained attention for demanding unusually low ransoms, sometimes as little as $10,000, and selling stolen data to third parties at reduced prices.

Interestingly, analysis of FunkSec’s activities suggests that the group may be operated by relatively inexperienced actors with ties to hacktivist groups.

The ransomware's code, which appears to have been developed in Algeria, contains elements that suggest AI assistance in its creation. This use of AI has allowed the group to rapidly iterate on and improve its tools despite an apparent lack of technical expertise.

The top malware families observed during the same period are listed below:

  • FakeUpdates
  • AgentTesla
  • Androxgh0st
  • Remcos
  • AsyncRat
  • NJRat
  • Rilide
  • Phorpiex
  • Formbook
  • Amadey

FunkSec’s emergence highlights the evolving threat landscape in cybersecurity, where the line between hacktivism and cybercrime is increasingly blurred.

The group has attempted to associate itself with several now-defunct hacktivist groups and appears to target organizations in countries aligned with or supporting Israel.

With ransomware attacks continuing to pose a significant threat to businesses and institutions globally, the rise of AI-assisted groups like FunkSec shows the urgent need for enhanced cybersecurity measures and continued vigilance in the face of evolving digital threats.

Tushar Subhra Dutta

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.
