{"id":2062,"date":"2025-08-02T19:52:26","date_gmt":"2025-08-02T19:52:26","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/08\/02\/funksec-ransomware-victims-can-now-recover-files-with-free-decryptor\/"},"modified":"2025-08-02T19:52:26","modified_gmt":"2025-08-02T19:52:26","slug":"funksec-ransomware-victims-can-now-recover-files-with-free-decryptor","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2025\/08\/02\/funksec-ransomware-victims-can-now-recover-files-with-free-decryptor\/","title":{"rendered":"FunkSec Ransomware Victims Can Now Recover Files with Free Decryptor"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A decryptor for the FunkSec ransomware has been developed and made avaliable to download for free by researchers at antivirus provider Avast.<\/p>\n<p>Ladislav Zezul, a malware researcher at Avast\u2019s parent company Gen, said in a recent blog post that his team had cooperated with law enforcement agencies to help victims of the FunkSec ransomware group decrypt files free of charge.<\/p>\n<p>Based on the group\u2019s data leak site, the researchers identified 113 victims.<\/p>\n<p>Analysis suggests the gang initially focused on data exfiltration and extortion before later incorporating encryption into their attacks.<\/p>\n<p>The timeline of their operations indicates that the first victim appeared before the earliest known ransomware sample appeared in 2024, with activity continuing until at least mid-March 2025.<\/p>\n<p>\u201cBecause the ransomware is now considered dead, we released the decryptor for public download,\u201d Zezul wrote.<\/p>\n<h2><strong>A Low-Skill Ransomware Operation<\/strong><\/h2>\n<p>FunkSec emerged in late 2024. The group\u2019s operators appeared to use AI-assisted malware development.<\/p>\n<p>According to a Check Point report in January 2025, FunkSec operations were likely conducted by inexperienced actors linked to hacktivist activity.<\/p>\n<p>Theuse of AI assistance \u201cmay have contributed to their rapid iteration despite the author\u2019s apparent lack of technical expertise,\u201d the Check Point researchers wrote.<\/p>\n<p>Sergey Shykevich, threat intelligence group manager at Check Point, spoke to <em>Infosecurity<\/em> about FunkSec during the firm\u2019s CPX 2025 conference in Vienna in February.<\/p>\n<p>\u201cFunksec\u2019s ransomware is not very sophisticated, and the actor behind it is not very technical. He recycled code from other ransomware and took a chance with AI. However, we tested the ransomware and it works, it disrupts services on the machines it targets and encrypts data,\u201d Shykevich told <em>Infosecurity<\/em>.<\/p>\n<h2><strong>How to Use the FunkSec Decryptor<\/strong><\/h2>\n<p>Typical characteristics of the FunkSec ransomware include encrypted files displaying the \u2018.funksec\u2019 extension and the presence of a ransom note file called \u2018README-{random}.md\u2019 in every folder of the targeted system.<\/p>\n<p>Gen\u2019s Zezul provided the steps for organizations to use the FunkSec decryptor for free:<\/p>\n<ol>\n<li>Download the decryptor binary for 64-bit Windows on Avast<\/li>\n<li>Run the decryptor: Open the file as an administrator and a step-by-step guide will appear<\/li>\n<li>Click <em>Next<\/em> after reviewing the license info<\/li>\n<li>Choose files to decrypt: Select the drives or folders containing encrypted files (local drives are selected by default)<\/li>\n<li>Keep the backup option enabled (recommended) and click <em>Decrypt<\/em>. Wait for the process to complete<\/li>\n<\/ol><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A decryptor for the FunkSec ransomware has been developed and made avaliable to download for free by researchers at antivirus provider Avast. Ladislav Zezul, a malware researcher at Avast\u2019s parent company Gen, said in a recent blog post that his team had cooperated with law enforcement agencies to help victims of the FunkSec ransomware group<\/p>\n","protected":false},"author":2,"featured_media":2063,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2062","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2062-25972af3-0773-4c46-bdab-19fe224fd458.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2062-25972af3-0773-4c46-bdab-19fe224fd458-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2062-25972af3-0773-4c46-bdab-19fe224fd458.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2062-25972af3-0773-4c46-bdab-19fe224fd458.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2062-25972af3-0773-4c46-bdab-19fe224fd458.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2062-25972af3-0773-4c46-bdab-19fe224fd458.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2062-25972af3-0773-4c46-bdab-19fe224fd458.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2062-25972af3-0773-4c46-bdab-19fe224fd458.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2062-25972af3-0773-4c46-bdab-19fe224fd458.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2062-25972af3-0773-4c46-bdab-19fe224fd458.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2062-25972af3-0773-4c46-bdab-19fe224fd458-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2062","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2062"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2062\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2063"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}