iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Ransomware operators share data stolen from a WA cleaning supplier and ANZ food safety not-for-profit, but the 'leaks' are exceedingly minor.
The Funksec ransomware gang has listed two Australian organisations as victims on its darknet leak site, alongside a small amount of allegedly stolen data.
Both the Western Australian-based commercial cleaning supplier WACER and University of Sydney-based Fresh Produce Safety Centre Australia & New Zealand were listed overnight as victims of the gang.
“We are breach today database with full dump tables,” a gang spokesperson said on both leak posts, adding that the leaks were part of something called ‘funkday free breaches’ [sic].
However, the leaks do not appear to be part of a traditional ransomware attack, and the data apparently leaked seems to be little more than data scraped from the company’s websites. The total amount published from both companies is less than 20 megabytes, and includes very little data that isn’t already publicly available.
SUB Who is Funksec?
Funksec is a relatively new operation, having posted its first victim on its leak site just earlier this month, on December 4. The day before it announced itself on a popular hacking forum, while the site itself appears to have been created in September 2024.
As well as being a for-profit, ransomware-as-a-service operation – it is currently attempting to extort US$10,000 from a Mexican web hosting service – some of its leak activity is highly politically motivated.
“Our ransomware attacks and operations will target the USA. As a country whose rule depends on first-class support for Israel, the United States weakens the Middle East due to its energy resources, including oil,” Funksec says in its targeting manifesto.
“All our strikes with the new ransomware program will be directed at America, targeting the government sector, economy, and companies exporting and producing for the state.”
Funksec’s apparently new ransomware program is called FunkLocker, and according to the group the multi-threaded malware is capable of file encryption and renaming, maintaining persistence, and targeting specific file-types.
The gang notes that its ransomware is capable of ‘psychological manipulation’, with its ransom notes “Creating a sense of urgency and fear”.
“The ransom note includes threatening language ("your data has been encrypted, "pay now or lose your files forever"), and it often has an urgency element like a time limit or immediate action needed,” Funksec says of its software.
“Result: The victim, feeling stressed and without options, may be more likely to pay the ransom quickly, hoping to restore access to their files.”
However, the gang also says it is happy to trick its victims via “Deceptive recovery” and “Tricking the victim into believing payment will lead to decryption”.
As to the ‘funkday breaches’, the gang appears to be using these small drops of relatively innocuous data to pad out its leak site.
The gang also offers a free set of Distributed Denial of Service tools on its leak site, which it says was created by the Funksec team. The fact that the gang appears to have built its own ransomware and DDoS suite suggests a high technical capacity.
Funksec’s listed dozens of victims of one kind or another since it appeared on the scene, and while in this case, the gang’s listing of Australian victims is little more than a nuisance, it certainly seems capable of more malicious activity at scale.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
