- Security researchers have released a free decryptor tool for the FunkSec Ransomware.
- The FunkSec group has targeted 172 organizations, mainly in the U.S., India, and Brazil.
- The ransomware used Artificial Intelligence tools in its development.
- FunkSec encrypted files using the Rust programming language and the orion-rs library with Chacha20 and Poly1305 algorithms.
- The decryptor can be downloaded through the No More Ransom project, but users should back up files before proceeding.
Gen Digital researchers have published a decryptor for FunkSec ransomware, enabling victims to restore files without payment. The tool became available after experts determined that the ransomware group was no longer active.
According to Ransomware.live, FunkSec was responsible for 172 attacks since its emergence in late 2024. Entities in the United States, India, and Brazil were most affected, especially in technology, government, and education sectors. No new victims have appeared on FunkSec’s leak site since March 18, 2025.
Check Point’s January analysis suggested that FunkSec’s creators used artificial intelligence to help develop the ransomware’s encryption system. Researcher Ladislav Zezula of Gen Digital noted, “Because the ransomware is now considered dead, we released the decryptor for public download.” The group’s software encrypted files in 128-byte blocks and added 48 bytes of metadata, making locked files roughly 37% larger than originals.
Experts believe FunkSec’s operators were relatively inexperienced Hackers, seeking attention by posting datasets from previous hacktivist operations. The ransomware was built with Rust, a programming language known for its speed and efficiency. It used the orion-rs library (version 0.17.7) and cryptographic algorithms Chacha20 and Poly1305 to secure files.
Gen Digital did not explain whether the decryptor came from exploiting weaknesses in FunkSec’s cryptography. Users can access the tool via the No More Ransom project. Victims are advised to confirm that their files match FunkSec’s features—such as the .funksec extension or distinctive metadata—before using the decryptor.
Instructions at the No More Ransom portal guide victims through the process, but administrators should back up affected files first, as partial data recovery or file damage is possible.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Polygon Suffers One-Hour Outage After Validator Exits Network
- SEC Approves In-Kind Crypto ETF Redemptions, Banks to Engage More
- Bitcoin Soars Past $120K as Dalio, Musk Sound Alarm on US Debt
- Trump Administration Unveils Ambitious Plan for Golden Age of Crypto
- Chinese Firms Behind Silk Typhoon Hold Patents for Hacking Tools
