AI tools underpin a new wave of ransomware

Criminals leveraged generative AI for ransomware production, but Avast’s security team reversed the attack using a cryptographic weakness to decrypt files.
FunkSec, generative AI, ransomware, Avast, AI-assisted malware, phishing templates, cryptographic flaw, decryption tool, AI in cybercrime

Avast researchers uncovered that the FunkSec ransomware group used generative AI tools to accelerate attack development.

While the malware was not fully AI-generated, AI aided in writing code, crafting phishing templates and enhancing internal tooling.

A subtle encryption flaw in FunkSec’s code became the decryption breakthrough. Avast quietly developed a free tool, bypassing the need for ransom payments and rescuing dozens of affected users in cooperation with law enforcement.

However, this marks one of the earliest recorded instances of AI being used in ransomware, targeting productivity and stealth. It demonstrates how cybercriminals are adopting AI to lower entry barriers and that forensic investigation and technical agility remain crucial defence tools.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!