Exclusive: Funksec ransomware gang allegedly targeting pair of Australian companies

Ransomware operators are sharing data stolen from a Western Australian cleaning supplier and an ANZ food safety charity, but the “leaks” are extremely minor.

The Funksec ransomware gang has listed two Australian organizations as victims on its darknet leak site, along with a small amount of supposedly stolen data.

Both commercial cleaning provider WACER, based in Western Australia, and the Australian and New Zealand Fresh Produce Safety Centre, based at the University of Sydney, were listed overnight as victims of the gang.

“Today we breached the database with full dump tables,” a spokesperson for the gang said in both leak posts, adding that the leaks were part of something called “funkday-free breaches” [sic].

However, the leaks do not appear to be part of a traditional ransomware attack, and the supposedly leaked data appears to be little more than data scraped from company websites. The total amount published for both companies is less than 20 megabytes and includes very little data that is not already publicly available.

Who is Funksec?

Funksec is a relatively new operation. It posted its first victim to its leak site earlier this month, on December 4, the day before announcing itself on a popular hacking forum; the site itself appears to have been created in September 2024.

In addition to being a for-profit ransomware-as-a-service operation (it is currently attempting to extort $10,000 from a Mexican web hosting service), some of its leak activity is highly politically motivated.

“Our ransomware attacks and operations will target the United States. As a country whose government depends on first-class support for Israel, the United States weakens the Middle East because of its energy resources, including oil,” Funksec said in its manifesto of objectives.

“All of our attacks with the new ransomware program will be directed at the United States, targeting the government sector, the economy and companies that export and produce for the state.”

Funksec’s apparently new ransomware program is called FunkLocker and, according to the group, the multithreaded malware is capable of encrypting and renaming files, maintaining persistence, and targeting specific file types.

The gang notes that their ransomware is capable of “psychological manipulation,” and their ransom notes “create a sense of urgency and fear.”

“The ransom note includes threatening language (‘your data has been encrypted,’ ‘pay now or you will lose your files forever’), and often has an element of urgency such as a time limit or immediate action needed,” Funksec said about its software.

“Result: The victim, feeling stressed and out of options, is more likely to pay the ransom quickly, hoping to restore access to their files.”

However, the gang also said that it is happy to deceive its victims through “deceptive recovery” and “deceive the victim into believing that the payment will lead to decryption.”

As for the “funkday breaches,” the gang appears to be using these little blobs of relatively harmless data to pad their leak site.

The gang also offers a free set of distributed denial of service (DDoS) tools on its leak site, which it said was created by the Funksec team. The fact that the gang appears to have created its own ransomware and DDoS suite suggests high technical capability.

Funksec has listed dozens of victims of one kind or another since it appeared on the scene, and while in this case, the gang’s list of Australian victims is little more than an annoyance, it certainly seems capable of further malicious activity at scale.
