Check Point researchers warn of FunkSec, a fast-rising ransomware gang

A new ransomware group, FunkSec, has rapidly risen to prominence in the cybercrime world, claiming over 85 victims in just over a month since its emergence in late 2024. According to researchers at Check Point, the group operates under the guise of a Ransomware-as-a-Service (RaaS) model and employs aggressive tactics to gain visibility and notoriety.

A Blend of hacktivism and cybercrime

What sets FunkSec apart is its unusual mix of motivations. While the group utilizes double extortion tactics—encrypting files and stealing data to pressure victims into paying ransoms—it also presents itself as a hacktivist organization. Past affiliations of some members with hacktivist causes, including the “Free Palestine” movement, have added to the ambiguity surrounding its true objectives.

Check Point researchers highlight that FunkSec’s claims may be exaggerated. Some of the “leaked” data on their site appears to be recycled from older hacktivist-related breaches, raising questions about the group’s credibility. Despite this, FunkSec has managed to maintain an active presence on cybercrime forums, further boosting its notoriety.

The role of AI in FunkSec's operations

Check Point’s analysis reveals that FunkSec heavily relies on AI-assisted tools for rapid development. Their custom ransomware, written in Rust, has been evolving at an unusual pace despite the apparent inexperience of its developers. Evidence indicates the group may use AI-generated code and tools, including an AI chatbot developed on the Miniapps platform, to streamline their operations. This trend highlights how AI is reshaping the cybercrime landscape, lowering technical barriers for emerging threat actors.

Low ransom demands, high Exposure

FunkSec’s strategy includes unusually low ransom demands, sometimes as little as $10,000, and offering stolen data to third parties at discounted rates. These tactics, combined with their active engagement on dark web forums, indicate a deliberate effort to gain visibility rather than maximize financial gain.

Implications for cybersecurity

FunkSec’s rise highlights the blurred lines between hacktivism and organized cybercrime. It also raises concerns about the increasing use of AI in ransomware development, which could enable less skilled actors to launch sophisticated attacks.

As FunkSec’s activities gain attention, experts warn organizations to stay vigilant. “Groups like FunkSec demonstrate how easily cybercriminals can exploit technology to enhance their capabilities, even with limited expertise,” Check Point researchers noted.