- Kaspersky recently analyzed Funksec, a new ransomware group
- The group uses AI to generate code for its encryptors and other tools
- Ransomware is steadily growing as a threat
The future of ransomware threats lies in generative artificial intelligence (GenAI), as hackers increasingly use the emerging technology to improve and streamline their coding processes, experts have warned.
The latest report from Kaspersky’s Global Research and Analysis Team analyzed Funksec, a relatively new ransomware group first spotted at the end of 2024.
Despite being a newcomer, Funksec has already made a name for itself, “quickly surpassing many established players by targeting the government, technology, finance and education sectors across Europe and Asia,” said Kaspersky.
Lowering the barrier to entry
Analyzing the code in its tools, the researchers determined that the group actively uses GenAI.
Telltale signs include generic placeholder comments (for example “placeholder for actual check”) and technical inconsistencies (commands for different operating systems that do not align), they said.
In addition, they observed declared but unused functions, such as modules included at the start but never used, which apparently points to the use of language models.
“More and more, we see cybercriminals taking advantage of AI to develop malicious tools. Generative AI lowers the barriers and accelerates the creation of malware, allowing cybercriminals to adapt their tactics more quickly.”
AI-powered attacks will probably also require AI-powered defenses. Today, many of the best antivirus and endpoint protection services use AI and machine learning, mainly to detect threats that traditional signature-based methods would miss.
Companies like CrowdStrike, SentinelOne, Sophos, Microsoft Defender for Endpoint, Palo Alto Networks and many others tout their AI/ML capabilities, often emphasizing speed, accuracy and fewer false positives compared to legacy solutions.
In the report, Kaspersky recommended that users enable ransomware protection on all endpoints, keep everything up to date, and focus defense strategies on lateral movement and data exfiltration, among other measures.