Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant

The Hacker News by The Hacker News
July 30, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jul 30, 2025Ravie LakshmananEncryption / Ransomware

Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free.

“Because the ransomware is now considered dead, we released the decryptor for public download,” Gen Digital researcher Ladislav Zezula said.

FunkSec, which emerged towards the end of 2024, has claimed 172 victims, according to data from Ransomware.live. The vast majority of targeted entities are located in the U.S., India, and Brazil, with technology, government, and education being the top three sectors attacked by the group.

An analysis of FunkSec by Check Point earlier this January found signs that the encryptor was developed with assistance from artificial intelligence (AI) tools. The group has not added any new victims to its data leak site since March 18, 2025, suggesting that the group may no longer be active.

Cybersecurity

It’s also believed that the group consisted of inexperienced hackers seeking visibility and recognition by uploading leaked datasets associated with previous hacktivism campaigns.

FunkSec was built using Rust, a fast and efficient programming language that’s now popular among newer ransomware groups. Other families, like BlackCat and Agenda, also use Rust to help their attacks run quickly and avoid detection. FunkSec relies on the orion-rs library (version 0.17.7) for encryption, using the Chacha20 and Poly1305 algorithms to lock files during its routine.

“This hash-based method ensures integrity of encryption parameters: the encryption key, n-once, block lengths, and encrypted data itself,” Zezula noted. “Files are encrypted per-blocks of 128 bytes, adding 48 bytes of extra metadata to each block, which means that encrypted files are about 37% bigger than the originals.”

Gen Digital did not disclose how it was able to develop a decryptor and if it entailed the exploitation of a cryptographic weakness that makes it possible to reverse the encryption process. The decryptor can be accessed via the No More Ransom project.

Victims looking to recover their data should first confirm that encrypted files match FunkSec’s signature, typically identified by the .funksec extension or unique metadata padding. The No More Ransom portal provides basic usage steps, but administrators are advised to back up affected files before attempting decryption in case of partial recovery or file corruption.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps

Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps

Recommended.

RayNeo Unveils World’s First eSIM-Enabled AR Glasses for CES 2026

RayNeo Unveils World’s First eSIM-Enabled AR Glasses for CES 2026

January 4, 2026
Spectral Capital Signs Definitive Agreement to Acquire Telvantis Voice Services, Inc.

Spectral Capital Signs Definitive Agreement to Acquire Telvantis Voice Services, Inc.

December 30, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio