Close Menu
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
What's Hot

Harry Styles celebrates England’s World Cup victory over Democratic Republic of the Congo at Wembley

Kate Middleton wears Gabriella Hearst suit for Wimbledon 2026

What to watch this weekend: Elle Woods returns with British penniless-to-riches story

Facebook X (Twitter) Instagram
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
Facebook X (Twitter) Instagram
FYMOUS News
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
FYMOUS News
Home » Bearlyfy attacks over 70 Russian companies with custom GenieLocker ransomware
Celebrities

Bearlyfy attacks over 70 Russian companies with custom GenieLocker ransomware

By March 27, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

Ravi LakshmananMarch 27, 2026Threat Intelligence/Vulnerability

A pro-Ukrainian group called Bearlyfy has been implicated in more than 70 cyberattacks targeting Russian companies since first emerging into the threat world in January 2025, with the most recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker.

Russian security vendor F6 said: “Bearlyfy (also known as Labubu) operates as a dual-purpose group aiming to cause maximum damage to Russian companies. Its attacks serve the dual purpose of extortion and sabotage for financial gain.”

The hacking group was first documented by F6 in September 2025 as leveraging encryption equipment associated with LockBit 3 (Black) and Babuk, and its initial intrusions focused on small businesses before raising deposits and demanding ransoms as high as 80,000 euros (approximately $92,100). By August 2025, the group had claimed at least 30 victims.

Starting in May 2025, Bearlyfy attackers also utilized a modified version of PolyVice, a ransomware family attributed to Vice Society (also known as DEV-0832 or Vanilla Tempest). It has a history of delivering third-party lockers such as Hello Kitty, Zeppelin, RedAlert, and Rhysida ransomware in its attacks.

Further analysis of the threat actor’s toolset and infrastructure reveals overlap with PhantomCore, another group assessed to be operating with Ukraine’s interests in mind. It has been known to attack companies in Russia and Belarus since 2022. Besides PhantomCore, Bearlyfy is said to be working with Head Mare.

The attacks launched by this group exploited external services and vulnerable applications to gain initial access and then dropped tools such as MeshAgent that facilitated remote access and allowed data to be encrypted, destroyed, or modified. In contrast, PhantomCore runs APT-style campaigns, where reconnaissance, persistence, and data exfiltration are prioritized.

“The group itself is distinguished by rapid-fire attacks that are characterized by minimal preparation and rapid data encryption. Another feature of these attacks is that the ransom note is not generated by the ransomware software itself, but directly by the attackers,” F6 noted last year.

Bearlyfy attacks have proven to be an illegal revenue source. According to F6 data, approximately 1 in 5 victims choose to pay the ransom. Initial ransom demands from adversaries reportedly escalated further, reaching hundreds of thousands of dollars.

The most notable change in threat actor modus operandi is the use of a unique ransomware family called GenieLocker to target Windows endpoints since early March 2026. GenieLocker’s encryption scheme is inspired by the Venus/Trinity ransomware family.

One of the most distinctive features of a ransomware attack is that a ransom note is automatically generated by the locker. Instead, threat actors choose their own methods to share next steps with victims. Choose between simply sharing your contact details or complex messages that try to use psychological pressure to force you to pay.

“In the early stages, Bearlyfy members showed a lack of sophistication and were clearly experimenting with different technologies and toolsets, but within a year, the group evolved into a veritable nightmare for Russian companies, including major ones,” F6 said.


Source link

#BlockchainIdentity #Cybersecurity #DataProtection #DigitalEthics #DigitalIdentity #Privacy
Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleWhy the water sector needs to rethink its values
Next Article ‘A major disruption in Neanderthal history’: 65,000 years ago, all but one lineage of European Neanderthals became extinct

Related Posts

Kate Middleton wears Gabriella Hearst suit for Wimbledon 2026

July 2, 2026

Taylor Swift’s wedding dress and bridal music video look

July 1, 2026

Olivia Wilde wears Calvin Klein collection at The Invite in London

July 1, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Harry Styles celebrates England’s World Cup victory over Democratic Republic of the Congo at Wembley

Kate Middleton wears Gabriella Hearst suit for Wimbledon 2026

What to watch this weekend: Elle Woods returns with British penniless-to-riches story

Canada invited to 2027 Eurovision Song Contest

Trending Posts

Harry Styles celebrates England’s World Cup victory over Democratic Republic of the Congo at Wembley

July 2, 2026

Kate Middleton wears Gabriella Hearst suit for Wimbledon 2026

July 2, 2026

Canada invited to 2027 Eurovision Song Contest

July 2, 2026

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to The FYMOUS, a modern digital media platform dedicated to celebrities, artists, influencers, brands, entertainment culture, and the growing TwinH ecosystem.

We bring audiences closer to the people, stories, trends, and collaborations shaping today’s culture. From exclusive celebrity news and music releases to influencer highlights, brand partnerships, and TwinH activations, The FYMOUS delivers engaging content designed for the next generation of digital audiences.

Castilla-La Mancha Ignites Innovation: fiveclmsummit Redefines Tech Future

Local Power, Health Innovation: Alcolea de Calatrava Boosts FiveCLM PoC with Community Engagement

The Future of Digital Twins in Healthcare: From Virtual Replicas to Personalized Medical Models

Human Digital Twins: The Next Tech Frontier Set to Transform Healthcare and Beyond

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
© 2026 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.