Ransomware Gang Wields Generative AI To Target 113 Firms Worldwide, Warns Fortune 500 Cybersecurity Firm
A Fortune 500 cybersecurity giant is sounding the alarm after investigators confirmed that a ransomware crew relied on generative AI to accelerate its campaign against more than one hundred organizations worldwide.
In its Q2 Threat Report, Gen Digital notes that FunkSec first appeared late last year, initially focused on data theft and extortion rather than encryption.
The gang’s leak site listed its first victim in December, with attacks expanding into the new year. At least 113 companies across the U.S., Italy, Spain and Brazil were struck, including a firm working in child protection.
The ransom note, README-{random}.md, appeared in every folder, and the extension “.funksec” was appended to files after they were scrambled.
FunkSec was written in Rust and used the orion-rs cryptographic library to encrypt data with ChaCha20. Analysts say the malware is capable of killing dozens of services and processes to maximize disruption, shutting down browsers, media players, email clients and even Task Manager. In one odd flourish, some variants attempted to load a wallpaper image from Imgur during encryption.
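For responders, the two file-system artifacts described above (a README-{random}.md note in each folder and files carrying the ".funksec" extension) can be combined into a simple triage check over a file listing. The Python sketch below is an added example, not code from Gen Digital's report; the function name, the threshold, the sample paths and the pattern assumed for the "{random}" part of the note name are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Assumption: the "{random}" part of the note name is a run of letters/digits;
# the report as quoted here does not state its length or alphabet.
NOTE_RE = re.compile(r"^README-[A-Za-z0-9]+\.md$")
ENCRYPTED_EXT = ".funksec"  # extension named in the report


def triage(paths, min_encrypted=2):
    """Group a file listing by folder and flag folders that hold both a
    matching note and at least `min_encrypted` files ending in .funksec."""
    notes = defaultdict(list)
    encrypted = defaultdict(int)
    total = defaultdict(int)
    for raw in paths:
        # Normalise Windows separators so the listing parses on any platform.
        p = PurePosixPath(raw.replace("\\", "/"))
        folder = str(p.parent)
        total[folder] += 1
        if NOTE_RE.match(p.name):
            notes[folder].append(p.name)
        elif p.name.lower().endswith(ENCRYPTED_EXT):
            encrypted[folder] += 1
    hits = {}
    for folder, names in notes.items():
        # A note name alone is weak evidence; require encrypted files beside it.
        if encrypted[folder] >= min_encrypted:
            hits[folder] = {
                "note": names[0],
                "encrypted": encrypted[folder],
                "ratio": round(encrypted[folder] / total[folder], 2),
            }
    return hits


# Constructed sample listing (not taken from any real incident).
SAMPLE = [
    "C:\\Users\\amy\\Docs\\README-a8Kq2Lz.md",
    "C:\\Users\\amy\\Docs\\budget.xlsx.funksec",
    "C:\\Users\\amy\\Docs\\notes.txt.funksec",
    "C:\\Users\\amy\\Docs\\plan.docx.funksec",
    "C:\\src\\tool\\README-dev.md",  # benign look-alike note name
    "C:\\src\\tool\\main.rs",
    "C:\\src\\tool\\Cargo.toml",
]

if __name__ == "__main__":
    for folder, info in triage(SAMPLE).items():
        print(folder, info)
```

Requiring both artifacts in the same folder keeps an ordinary project file such as README-dev.md from raising an alert on its own.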
The group demanded 0.1 Bitcoin per victim, a modest ask in the ransomware economy but one that could have netted more than $1.1 million if every target paid.
Says Gen Digital,
“While FunkSec wasn’t the most technically advanced ransomware, the damage was real.”
More troubling is the gang’s admission that roughly 20% of its workflow was assisted by generative AI. Operators acknowledged using AI models to write code snippets, generate phishing templates and speed up tooling. That figure, while small, makes FunkSec one of the first known ransomware groups to publicly credit artificial intelligence with part of its success.
Gen Digital is a publicly listed, multi-national cybersecurity firm co-headquartered in both Prague, Czech Republic (EU) and Tempe, Arizona (USA).