- Kaspersky recently analyzed FunkSec, a new ransomware group
- This group uses AI to generate code in the encryptors and other tools
- Ransomware is steadily growing as a threat
The future of ransomware threats lies in Generative Artificial Intelligence (GenAI), as hackers are increasingly using the nascent technology to improve and streamline their coding processes, experts have warned.
The latest State of Ransomware report from Kaspersky’s Global Research and Analysis Team (GReAT) analyzed FunkSec, a relatively new ransomware group, first spotted in late 2024.
Despite its junior status, FunkSec has already made a name for itself, “quickly surpassing many established actors by targeting government, technology, finance and education sectors across Europe and Asia,” Kaspersky said.
Lowering the barrier for entry
Analyzing the code in its products, the researchers determined that the group is actively using GenAI.
Telltale signs include generic placeholder comments (for example “placeholder for actual check”) and technical inconsistencies (commands for different operating systems that don’t align), they said.
Furthermore, they observed declared but unused functions, such as modules included upfront but never utilized, a pattern large language models are apparently prone to producing.
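The three signs described above can be checked mechanically during triage. The following is an added example, not code from Kaspersky or from the analyzed tools; it assumes the script under review is Python (the article does not say what language FunkSec's tools are written in), and the sample, function names and command lists are constructed for illustration.

```python
import ast
import re

# Constructed, benign sample standing in for a script under triage.
SAMPLE = '''
import os
import socket
import subprocess

def is_sandbox():
    # placeholder for actual check
    return False

def stop_editor():
    subprocess.run(["taskkill", "/F", "/IM", "notepad.exe"])
    subprocess.run(["pkill", "nano"])
'''

PLACEHOLDER = re.compile(r"#.*\b(placeholder|actual check|implement this)\b", re.I)
# Small illustrative command sets (assumption); extend for real triage.
WINDOWS_CMDS = {"taskkill", "schtasks", "wevtutil"}
UNIX_CMDS = {"pkill", "systemctl", "chmod"}

def placeholder_comments(source):
    """Comment lines containing generic filler wording."""
    return [ln.strip() for ln in source.splitlines() if PLACEHOLDER.search(ln)]

def mixed_os_commands(tree):
    """Command names from both OS families found in string literals."""
    words = {n.value.split()[0].lower() for n in ast.walk(tree)
             if isinstance(n, ast.Constant) and isinstance(n.value, str)
             and n.value.split()}
    win, nix = sorted(words & WINDOWS_CMDS), sorted(words & UNIX_CMDS)
    return win + nix if win and nix else []

def unused_imports(tree):
    """Imported top-level names that are never referenced."""
    imported = {(a.asname or a.name).split(".")[0] for n in ast.walk(tree)
                if isinstance(n, (ast.Import, ast.ImportFrom)) for a in n.names}
    used = {n.id for n in ast.walk(tree) if isinstance(n, ast.Name)}
    return sorted(imported - used)

def genai_indicators(source):
    """Collect the three weak signals; none is proof on its own."""
    tree = ast.parse(source)
    return {"placeholder_comments": placeholder_comments(source),
            "mixed_os_commands": mixed_os_commands(tree),
            "unused_imports": unused_imports(tree)}

if __name__ == "__main__":
    print(genai_indicators(SAMPLE))
```

Each signal also appears in ordinary human-written code, so the output is a prompt for closer review rather than an attribution.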
“More and more, we see cybercriminals leveraging AI to develop malicious tools. Generative AI lowers barriers and accelerates malware creation, enabling cybercriminals to adapt their tactics faster. By reducing the entry threshold, AI allows even less experienced attackers to quickly develop sophisticated malware at scale,” said Marc Rivero, Lead Security Researcher at Kaspersky’s GReAT.
AI-powered attacks will probably require AI-powered defenses, as well. Today, many of the best antivirus and endpoint protection services use AI and machine learning, mostly to detect threats that traditional signature-based methods would miss.
Companies like CrowdStrike, SentinelOne, Sophos, Microsoft Defender for Endpoint, Palo Alto Networks, and many others are vocal about their AI/ML capabilities, often emphasizing speed, accuracy, and lower false positives compared to legacy solutions.
In this report, Kaspersky recommended users enable ransomware protection for all endpoints, keep everything updated, and focus defense strategies on detecting lateral movements and data exfiltration, among other things.