
Bearlyfy

aka: Labubu

Bearlyfy has been attributed to over 70 cyber attacks targeting Russian companies since its emergence in January 2025, employing a custom Windows ransomware strain known as GenieLocker. The group operates with dual objectives of extortion and sabotage, utilizing a modified version of PolyVice and leveraging vulnerabilities in external services and applications for initial access. Analysis reveals overlaps with PhantomCore, indicating a pro-Ukrainian interest, while Bearlyfy's attacks are characterized by minimal preparation and a focus on immediate impact through data encryption and destruction. Approximately 20% of victims reportedly pay the ransom, with demands escalating to hundreds of thousands of dollars.


Associated Families

There are currently no families associated with this actor.


References
2026-03-26 | The Record | Daryna Antoniuk
Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware
Babuk LockBit Bearlyfy

Credits: MISP Project