- Kaspersky recently analyzed FunkSec, a new ransomware group
- This group uses AI to generate code for its encryptors and other tools
- Ransomware is constantly growing as a threat
The future of ransomware threats lies in generative artificial intelligence (GenAI), as hackers increasingly use the nascent technology to improve and optimize their coding processes, experts have warned.
The latest State of Ransomware report from Kaspersky's Global Research and Analysis Team (GReAT) analyzed FunkSec, a relatively new ransomware group first seen in late 2024.
Despite its junior status, FunkSec has already made a name for itself, “quickly surpassing many established actors by attacking the government, technology, finance and education sectors in Europe and Asia,” Kaspersky said.
Lowering the barrier to entry
Analyzing the code in the group's tools, the researchers determined that the group is actively using GenAI.
The telltale signs include generic placeholder comments (for example, “Real check position”) and technical inconsistencies (commands for different operating systems that do not align), they said.
In addition, they observed functions that were declared but never used, such as modules that were included up front but never called, which is something large language models tend to do.
“More and more, we see cybercriminals taking advantage of AI to develop malicious tools. Generative AI lowers the barriers and accelerates the creation of malware, which allows cybercriminals to adapt their tactics faster. By lowering the entry threshold, AI allows even less experienced attackers to quickly develop sophisticated malware at scale,” said Marc Rivero of Kaspersky.
AI-powered attacks will probably require AI-powered defenses as well. Today, many of the best antivirus and endpoint protection services use AI and machine learning, mainly to detect threats that traditional signature-based methods would miss.
Companies such as CrowdStrike, SentinelOne, Sophos, Microsoft Defender for Endpoint, Palo Alto Networks and many others are vocal about their AI/ML capabilities, often emphasizing speed, accuracy and lower false positives compared to legacy solutions.
In this report, Kaspersky recommended that users enable ransomware protection on all endpoints, keep everything updated and focus defense strategies on detecting lateral movement and data exfiltration, among other things.