FunkSec Ransomware Attacks 85 Victims in December

FunkSec is an emerging ransomware-as-a-service (RaaS) actor that rapidly gained notoriety in December 2024 by publishing over 85 victim profiles on its data leak site (DLS). Many of FunkSec's claims are recycled or fabricated, which raises concerns about the group's credibility and execution capabilities.

Linked to Algeria, the group appears motivated by both financial gain and hacktivist ideologies, blurring the lines between political disruption and cybercrime. This blend of motives and the group's reliance on AI-powered tools highlight the evolving and increasingly complex landscape of ransomware threats.

FakeUpdates (SocGholish) resurged in the malware landscape during December, affecting five percent of organizations nationwide.

AgentTesla and Androxgh0st followed closely, demonstrating the continued evolution of threats. These malware families use diverse tactics, including credential theft, data exfiltration, and cross-platform exploitation.

The climbers include AgentTesla, which is known for its keylogging and information-stealing capabilities. Remcos is a Remote Access Trojan (RAT) that leverages malicious Office documents for distribution.

Androxgh0st, a cross-platform botnet targeting critical infrastructure, saw a slight decline in its ranking, which underscores the importance of robust cybersecurity measures to protect against evolving malware threats.

Among mobile threats in December, the most prominent was Anubis, a banking Trojan with capabilities such as remote access, keylogging, audio recording, and ransomware.

Necro is an Android Trojan dropper that disseminated additional malware, displayed intrusive ads, and fraudulently charged subscriptions, while Hydra is a banking Trojan that targeted banking credentials by exploiting dangerous permissions and access requests within banking applications.

Cyberattacks continue to target critical sectors. For the fifth straight month, the Education/Research industry faced the most attacks, likely due to its reliance on interconnected systems and vast amounts of sensitive data.

The Communications and Government/Military sectors also experienced significant cyber threats, highlighting the vulnerability of sectors that play crucial roles in national infrastructure and security.

According to Check Point Research, FunkSec is a nascent double extortion group that dominated ransomware activity in December. 

RansomHub is a rebranded RaaS operation targeting diverse systems, including VMware ESXi, while LeakeData is an enigmatic entity with an unclear modus operandi that operates a clear web data leak site.

The DLS methodology used by FunkSec encompassed both ransomware incidents and data breaches, which most likely inflated the number of victims reported.

The December 2024 threat landscape witnessed a surge in AI-powered ransomware attacks, exemplified by the emergence of FunkSec, despite concerns over its methods.

Organizations must proactively counter these threats by implementing robust security measures, leveraging advanced technologies such as AI/ML for threat detection and response, and continuously adapting their security posture to address the evolving tactics of cybercriminals.

Kaaviya (https://cyberpress.org/)
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.
