Home > Security > Security News

FunkSec Falls Silent, Avast Releases Free Tool to Rescue Encrypted Files

Published on July 31, 2025
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Screen, codes, lock, break, man

Avast has released a free decryptor for the FunkSec ransomware, an AI-powered ransomware known for its innovative use of artificial intelligence to enhance its effectiveness. This development brings relief to victims who have struggled to retrieve their encrypted files. 

AI-Powered FunkSec Ransomware  

TechNadu reported in March on the FunkSec ransomware group leveraging AI to refine phishing templates and create tools, accounting for approximately 20% of its operations. Yet, they were seen as inexperienced.

Written in the Rust programming language, the ransomware uses the Chacha20 encryption algorithm with Poly1305 MAC help. 

Files encrypted with FunkSec ransomware have the “.funksec” extension
Files encrypted with FunkSec ransomware have the “.funksec” extension | Source: Gen Digital

FunkSec encrypted large volumes of data and applied the “.funksec” extension to encrypted files, with customized ransom notes titled “README-{random}.md,” as per Gen Digital.

Despite its advanced technology, the group’s operations ceased earlier this year. The report mentions Avast’s collaboration with law enforcement to develop and release a decryptor, which offers a straightforward recovery process for victims. The tool supports both 64-bit and 32-bit systems.

It was released for public download "because the ransomware is now considered dead," a Gen Digital report said, which also offers details on how to use the FunkSec Ransomware decryptor.

Threat Impact 

Gen Digital counted 113 victims during the ransomware’s operational lifespan, and the FunkSec ransomware decryptor provides a lifeline to affected organizations. 

The threat actor first surfaced in December 2024 and gained traction by combining data exfiltration with file encryption for extortion purposes. The latest breach claim we reported on was in March, when FunkSec claimed the breach of UNIMORE University's systems.

Add a Comment
Related
Call Center - Money - Laptop
Fabricated Entry, Real Payout: Baltimore Loses $1.5M in Workday Vendor Scam
Africa Map - Shield - Police - Laptop
Operation Serengeti 2.0: Trend Micro Backs INTERPOL in Record Cybercrime Crackdown
Salesforce - Hacker - Data Breach
Salesloft Drift Breach Extends to Other Connected Systems, Salesforce Sued
Online Casino - Crypto - Gambling
Gambler Panel Scam Operations with Affiliate Network Target Victims Through Fake Online Casinos
Toyota - Logo - Hacker
Toyota India (Kirloskar Motor) May Be Hit by Black Nevas Ransomware Attack
US Treasury Building - IT Workers - Laptop - Money - Missiles
US Treasury Sanctions Four Related to IT Worker Scheme Network Funding North Korea's Weapons Programs
Most Popular
Call Center - Money - Laptop
Fabricated Entry, Real Payout: Baltimore Loses $1.5M in Workday Vendor Scam
Surfshark faces US lawsuit over auto-renewal practices
Surfshark Faces Class Action Lawsuit in the US Over Alleged "Illegal" Auto-Renewal Fees
Africa Map - Shield - Police - Laptop
Operation Serengeti 2.0: Trend Micro Backs INTERPOL in Record Cybercrime Crackdown
IPVanish Adds RAM-Only Servers and OpenVPN Support on iOS
IPVanish Expands Privacy and Security with RAM-Only Servers and OpenVPN Support on iOS
Salesforce - Hacker - Data Breach
Salesloft Drift Breach Extends to Other Connected Systems, Salesforce Sued
Online Casino - Crypto - Gambling
Gambler Panel Scam Operations with Affiliate Network Target Victims Through Fake Online Casinos
Fabricated Entry, Real Payout: Baltimore Loses $1.5M in Workday Vendor Scam
Surfshark Faces Class Action Lawsuit in the US Over Alleged "Illegal" Auto-Renewal Fees
Operation Serengeti 2.0: Trend Micro Backs INTERPOL in Record Cybercrime Crackdown
IPVanish Expands Privacy and Security with RAM-Only Servers and OpenVPN Support on iOS
Salesloft Drift Breach Extends to Other Connected Systems, Salesforce Sued
Gambler Panel Scam Operations with Affiliate Network Target Victims Through Fake Online Casinos

Most Popular
Call Center - Money - Laptop
Fabricated Entry, Real Payout: Baltimore Loses $1.5M in Workday Vendor Scam
Surfshark faces US lawsuit over auto-renewal practices
Surfshark Faces Class Action Lawsuit in the US Over Alleged "Illegal" Auto-Renewal Fees
Africa Map - Shield - Police - Laptop
Operation Serengeti 2.0: Trend Micro Backs INTERPOL in Record Cybercrime Crackdown
IPVanish Adds RAM-Only Servers and OpenVPN Support on iOS
IPVanish Expands Privacy and Security with RAM-Only Servers and OpenVPN Support on iOS
Salesforce - Hacker - Data Breach
Salesloft Drift Breach Extends to Other Connected Systems, Salesforce Sued
Online Casino - Crypto - Gambling
Gambler Panel Scam Operations with Affiliate Network Target Victims Through Fake Online Casinos
Fabricated Entry, Real Payout: Baltimore Loses $1.5M in Workday Vendor Scam
Surfshark Faces Class Action Lawsuit in the US Over Alleged "Illegal" Auto-Renewal Fees
Operation Serengeti 2.0: Trend Micro Backs INTERPOL in Record Cybercrime Crackdown
IPVanish Expands Privacy and Security with RAM-Only Servers and OpenVPN Support on iOS
Salesloft Drift Breach Extends to Other Connected Systems, Salesforce Sued
Gambler Panel Scam Operations with Affiliate Network Target Victims Through Fake Online Casinos

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: