Ransomware operators are sharing data stolen from a Western Australian cleaning supplier and an ANZ food safety non-profit, but the “leaks” are extremely minor.
Ransomware gang Funksec has listed two Australian organizations as victims on its darknet leak site, alongside a small amount of allegedly stolen data.
Commercial cleaning supplier WACER, based in Western Australia, and the Fresh Produce Safety Center Australia & New Zealand, based at the University of Sydney, were listed overnight as victims of the gang.
“We are breaching the database today with full dump tables,” a spokesperson for the gang said in the two leak posts, adding that the leaks were part of so-called “gratuitous breaches funkday” [sic].
However, the leaks do not appear to be part of a traditional ransomware attack, and the allegedly leaked data appears to be little more than data scraped from the companies’ websites. The total amount released for the two organizations is less than 20 megabytes and includes very little data that is not already publicly available.
Who is Funksec?
Funksec is a relatively new operation. It posted its first victim on its leak site earlier this month, on December 4, the day before it was announced on a popular hacking forum, although the site itself appears to have been created in September 2024.
In addition to being a for-profit ransomware-as-a-service operation (it is currently attempting to extort US$10,000 from a Mexican web hosting service), some of its leaking activities are highly politically motivated.
“Our ransomware attacks and operations will target the United States. As a country whose power depends on first-rate support for Israel, the United States is weakening the Middle East because of its energy resources, especially oil,” Funksec said in its targeting manifesto.
“All of our attacks with the new ransomware program will be directed against America, targeting the government sector, the economy and companies that export and produce for the state.”
Funksec’s apparently new ransomware program is called FunkLocker, and according to the group, the multi-threaded malware is capable of encrypting and renaming files, maintaining persistence, and targeting specific file types.
The gang notes that its ransomware is capable of “psychological manipulation,” and its ransom demands “create a sense of urgency and fear.”
“The ransom note includes threatening language (‘your data has been encrypted,’ ‘pay now or lose your files forever’) and often has an element of urgency such as a deadline or immediate action needed,” Funksec said about its software.
“Result: The victim, feeling stressed and out of options, may be more likely to pay the ransom quickly, in hopes of restoring access to their files.”
However, the gang also said it was happy to deceive its victims via “deceptive recovery” and “make the victim believe that payment would lead to decryption.”
When it comes to “funkday breaches,” the gang appears to be using these small amounts of relatively innocuous data to flesh out its leak site.
The gang also offers a free set of distributed denial-of-service (DDoS) tools on its leak site, which it claims was created by the Funksec team. The fact that the gang appears to have built its own ransomware and DDoS suite suggests high technical capability.
Funksec has listed dozens of victims of one sort or another since its emergence, and while in this case the gang’s list of Australian victims is little more than a nuisance, it certainly seems capable of large-scale malicious activities.