ANY.RUN Exposes FunkLocker: AI-Generated Ransomware Threatens Global Organizations
DUBAI, DUBAI, UNITED ARAB EMIRATES, October 1, 2025 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has released new research on FunkLocker, a ransomware strain developed by the FunkSec group with the aid of artificial intelligence. The findings highlight how AI-assisted coding is shaping the evolution of ransomware while also leaving behind exploitable weaknesses.
AI's Role in FunkLocker
FunkLocker exhibits development patterns consistent with AI-generated code snippets combined into a single build, producing rapid variants that range from barely functional to more feature-rich versions containing anti-virtualization checks.
Technical Highlights of FunkLocker
The analysis identifies the following core behaviors that define FunkLocker's operations:
• AI-assisted development: FunkLocker samples contain code patterns consistent with copy-pasted AI snippets, leading to rapid but inconsistent builds.
• System abuse: Legitimate Windows utilities (PowerShell, sc.exe, taskkill.exe, net.exe) are misused to disable defenses and halt applications.
• Local-only encryption: Files are encrypted locally with the .funksec extension, and ransom notes may remain hidden until reboot.
• Weak operational security: Reused Bitcoin wallets and locally derived or hardcoded keys enabled researchers to build a public decryptor.
For full technical details, including mapped MITRE ATT&CK tactics and related IOCs, read the complete FunkLocker analysis and explore its interactive sandbox session on the ANY.RUN blog.
How ANY.RUN Helps SOC Teams Detect FunkLocker
SOC analysts can use ANY.RUN's Interactive Sandbox to safely detonate FunkLocker samples and observe malicious behavior in real time. Within seconds, the service reveals the complete execution chain, mapped MITRE ATT&CK techniques, and related IOCs. This rapid visibility enables teams to:
• Detect ransomware activity before encryption completes
• Gather actionable intelligence for faster triage and containment
• Validate recovery plans by testing FunkLocker's impact in a controlled environment
About ANY.RUN
Over 500,000 cybersecurity professionals and 15,000+ companies worldwide rely on ANY.RUN to accelerate malware analysis and threat investigations. The solutions provide real-time visibility into malicious activity, enabling teams to triage faster, gather actionable threat intelligence, and strengthen security operations.
The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
