
AI gives cyber criminals new tools in evolving ransomware threat
Artificial intelligence is increasingly being harnessed to power ransomware attacks, raising complex new challenges for individuals and organisations seeking to defend against cyber threats.
Security researchers have recently uncovered how criminal groups, such as the ransomware gang FunkSec, have started using generative AI tools to enhance their operations. According to analysis by Avast's security team, while the core ransomware used was not entirely built by AI, automation tools were deployed to assist with coding, producing phishing templates, and creating operational tooling.
These revelations highlight how AI technologies are streamlining cyber attacks, bringing speed and efficiency to a range of criminal activities that have historically relied more heavily on manual work.
Case study: FunkSec
FunkSec's recent campaign, examined in Avast's latest Gen Threat Report, provides one of the first documented examples of AI directly assisting in the development and deployment of ransomware. Although their malware incorporated advanced elements, it was not without flaws.
In the course of the investigation, Avast's team identified a vulnerability, described as a cryptographic weakness, in FunkSec's encryption logic. This flaw created an opportunity for intervention. Working alongside international law enforcement, Avast engineers developed a bespoke decryption tool that was quietly used to help dozens of affected individuals retrieve their files.
Now that FunkSec's operations have subsided, Avast has made this decryption tool freely available to the public. This forms part of a broader initiative, with over 40 decryptors released under the Avast and AVG brands in the past decade.
"It's a reminder that while ransomware continues to evolve, so does our ability to fight back."
How ransomware spreads
Most ransomware infections begin with social engineering tactics, rather than technical vulnerabilities. The most common vector remains phishing emails, which masquerade as legitimate correspondence from trusted sources, such as a bank or a delivery service. These emails often contain attachments or links that can trigger malicious downloads.
Other prevalent infection methods include:
- Malicious attachments or fake documents disguised as invoices or CVs, sometimes prompting users to enable Microsoft Office macros, which can execute malware if activated.
- Compromised websites or malicious advertising ("malvertising") that launch attacks if a user's browser is out of date.
- Pirated software downloads that contain hidden ransomware programs.
- Infected USB sticks or external drives that launch malware automatically when inserted into a computer with certain features enabled.
Warning signs
While many attacks strike without apparent warning, some tell-tale signs can tip users off early. These include files that will not open or that suddenly have unfamiliar extensions such as ".locked", ".funksec", or ".crypt". Other symptoms may include unusual slowdowns, strange pop-ups, or unfamiliar programs appearing at startup.
Distinctive ransom notes often appear on infected systems, typically bearing names like README.txt or HOW_TO_DECRYPT.html, with instructions for payment in cryptocurrency. Loss of access to files and a demand for ransom are clear signs of infection.
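The two indicators above (renamed files with encryption extensions and ransom-note files) can be checked mechanically. The following script is an added example, not code from the article or from Avast; it walks a directory tree and reports a simple verdict. The extension list and note names are taken from the article, the minimum cluster size of five renamed files is an assumed threshold, and the sample directory it scans is constructed in place so the script runs offline.

```python
"""Check a directory tree for ransomware warning signs: files renamed with
encryption extensions and ransom-note files dropped beside them."""
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Extensions mentioned in the article; extend the set for your own environment.
SUSPICIOUS_EXTENSIONS = {".locked", ".funksec", ".crypt"}
# Ransom-note file names mentioned in the article, compared case-insensitively.
# README.txt is also a common legitimate name, so a note alone is weak evidence.
RANSOM_NOTE_NAMES = {"readme.txt", "how_to_decrypt.html"}


def scan_tree(root):
    """Return (renamed_files, ransom_notes, counts_per_extension) under root."""
    renamed = []
    notes = []
    ext_counts = Counter()
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() in RANSOM_NOTE_NAMES:
            notes.append(path)
        suffix = path.suffix.lower()  # "budget.xlsx.locked" -> ".locked"
        if suffix in SUSPICIOUS_EXTENSIONS:
            renamed.append(path)
            ext_counts[suffix] += 1
    return renamed, notes, ext_counts


def assess(root, min_renamed=5):
    """Heuristic verdict. A note next to renamed files is the strongest signal;
    a cluster of renamed files alone is still worth investigating; a lone
    note or a single renamed file is only a hint. min_renamed is an assumed
    threshold, not a value from the article."""
    renamed, notes, ext_counts = scan_tree(root)
    if notes and renamed:
        level = "high"
    elif len(renamed) >= min_renamed:
        level = "medium"
    elif renamed or notes:
        level = "low"
    else:
        level = "none"
    return {
        "level": level,
        "renamed_files": len(renamed),
        "ransom_notes": len(notes),
        "extensions": dict(ext_counts),
    }


def build_sample_tree():
    """Constructed sample directory for demonstration; contents are not real data."""
    root = tempfile.mkdtemp(prefix="rw_scan_")
    docs = Path(root) / "Documents"
    docs.mkdir()
    (docs / "budget.xlsx.locked").write_bytes(b"\x00" * 16)   # constructed
    (docs / "photo.jpg.locked").write_bytes(b"\xff" * 16)     # constructed
    (docs / "notes.txt").write_text("ordinary, untouched file")
    (docs / "README.txt").write_text("constructed ransom-note placeholder")
    return root


def demo():
    """Scan the constructed tree, clean it up, and return the verdict."""
    root = build_sample_tree()
    try:
        return assess(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())  # → {'level': 'high', 'renamed_files': 2, 'ransom_notes': 1, 'extensions': {'.locked': 2}}
```

Run it against a user's home directory or a file share to get a quick triage signal; it is a spot check, not a substitute for real-time protection, because by the time files carry these extensions the encryption has already happened.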
Reducing risk
No single defence offers complete protection against ransomware, but there are several practices recommended for reducing the risk of an attack:
- Regularly back up important files using reliable cloud services or offline storage.
- Install reputable security software capable of real-time threat blocking.
- Be cautious with email attachments and links, especially from unknown sources.
- Keep operating systems and applications updated to close off vulnerabilities.
- Do not enable macros in Office documents from unfamiliar senders.
AI: threat and defence
Artificial intelligence is accelerating the pace at which cyber criminals can construct and deploy attacks. The same technologies, however, are also being leveraged by cybersecurity professionals to enhance detection and response measures, including the rapid development of decryption tools and automated analyses of threat patterns.
"At Avast, we believe no one should have to pay to get their digital life back. That's why we continue to invest in free tools and public resources to help ransomware victims recover safely - and why we'll keep innovating as the threat evolves."
Security researchers caution that as cyber criminals adapt, so must users. Increased vigilance, prompt updates, and widespread adoption of protective technologies are among the necessary measures for navigating this evolving threat landscape.
"Ransomware may be getting smarter. But so can we."