
Avast has released a free decryptor for the FunkSec ransomware, an AI-powered ransomware known for its innovative use of artificial intelligence to enhance its effectiveness. This development brings relief to victims who have struggled to retrieve their encrypted files.
TechNadu reported in March on the FunkSec ransomware group leveraging AI to refine phishing templates and create tools, accounting for approximately 20% of its operations. Yet, they were seen as inexperienced.
Written in the Rust programming language, the ransomware uses the Chacha20 encryption algorithm with Poly1305 MAC help.
FunkSec encrypted large volumes of data and applied the “.funksec” extension to encrypted files, with customized ransom notes titled “README-{random}.md,” as per Gen Digital.
Despite its advanced technology, the group’s operations ceased earlier this year. The report mentions Avast’s collaboration with law enforcement to develop and release a decryptor, which offers a straightforward recovery process for victims. The tool supports both 64-bit and 32-bit systems.
It was released for public download "because the ransomware is now considered dead," a Gen Digital report said, which also offers details on how to use the FunkSec Ransomware decryptor.
Gen Digital counted 113 victims during the ransomware’s operational lifespan, and the FunkSec ransomware decryptor provides a lifeline to affected organizations.
The threat actor first surfaced in December 2024 and gained traction by combining data exfiltration with file encryption for extortion purposes. The latest breach claim we reported on was in March, when FunkSec claimed the breach of UNIMORE University's systems.