In a major win for cybersecurity efforts, researchers at Avast have released a free decryptor tool that enables victims of the FunkSec ransomware to recover their encrypted files without paying a ransom.

The tool was developed by Avast’s malware research team, led by Ladislav Zezul, in collaboration with law enforcement agencies. According to a blog post from Gen (Avast’s parent company), this joint effort aims to support organizations affected by the now-defunct FunkSec ransomware gang.

Ransomware Group Leaves Behind a Trail of Victims

Researchers uncovered a total of 113 organizations listed on FunkSec’s data leak site. Initially, the group’s operations focused on data theft and extortion, but they later integrated file encryption as part of their attacks. The ransomware campaign appears to have started sometime before 2024 and remained active until at least March 2025.

With the group now inactive, Avast made the decryptor publicly available, allowing businesses to restore access to critical data without paying cybercriminals. “Since the ransomware is no longer operational, we’re releasing the decryptor for anyone to download,” said Zezul.

A Low-Complexity Threat Built with AI Assistance

FunkSec surfaced in late 2024 and quickly drew attention for its amateur-level execution, despite using artificial intelligence in its development process. A Check Point report published in early 2025 suggested that FunkSec was likely run by inexperienced actors, possibly tied to hacktivist circles.

“Although the malware isn’t sophisticated, it caused real disruption. The actor behind it reused code from other ransomware families and used AI to accelerate development,” said Sergey Shykevich, Check Point’s Threat Intelligence Group Manager, during the CPX 2025 conference in Vienna.

How to Recover Files Using the FunkSec Decryptor

The FunkSec ransomware typically appends the “.funksec” extension to encrypted files and drops a ransom note named README-{random}.md in each folder.

To decrypt files, users can follow these steps:

1. Download the free decryptor for 64-bit Windows from Avast’s official site.
2. Run the file as administrator. A guided setup will walk users through the process.
3. Review the license agreement, then click Next.
4. Select the drives or folders containing encrypted files (local drives are preselected).
5. Ensure the backup option is enabled (recommended), then click Decrypt.
6. Wait for the process to finish restoring the files.

This development is a reminder that even lower-tier ransomware threats can have a serious impact—but collaborative efforts between cybersecurity experts and law enforcement continue to provide victims with paths to recovery.

Source: https://www.infosecurity-magazine.com/news/funksec-ransomware-decryptor