Top Highlights
- Bearlyfy, a pro-Ukrainian hacking group, has conducted over 70 cyberattacks on Russian companies since January 2025, mixing extortion and sabotage motives.
- The group initially used LockBit and Babuk encryptors, demanding ransom payments up to €80,000, and later adopted a modified PolyVice ransomware linked to Vice Society.
- The group exploits vulnerabilities and uses tools like MeshAgent for remote access; its attacks are rapid, involve minimal preparation, and use ransom notes the group crafts independently.
- Since March 2026, Bearlyfy has shifted to a proprietary ransomware, GenieLocker, inspired by Venus/Trinity, with more aggressive tactics and psychological pressure on victims.
Bearlyfy Launches New Wave of Attacks Using Custom Ransomware
Since January 2025, the pro-Ukrainian hacking group Bearlyfy has conducted over 70 cyberattacks against Russian companies. These attacks started small but quickly grew more sophisticated. Recently, the group has used a new, custom ransomware called GenieLocker. This shift indicates that Bearlyfy is evolving its methods to cause more damage. The ransomware targets Windows computers, locking files and demanding ransom payments from victims. Experts note that Bearlyfy’s tactics are becoming faster and more aggressive. The group's goal appears to be both financial gain and sabotage, which makes its actions particularly concerning.
Rapid Evolution and Strategic Collaboration Shape Threat Landscape
Initially, Bearlyfy’s attacks relied on known encryptors linked to other hacking groups. Over time, however, they adapted by using modified versions of existing ransomware tools, such as PolyVice, which has ties to a larger ransomware family. This strategy allows Bearlyfy to keep its methods flexible and harder to detect. Moreover, analysts have found connections between Bearlyfy and other cyber groups, including PhantomCore and Head Mare. These collaborations help the group improve its access tactics, such as exploiting vulnerabilities and dropping remote access tools. As Bearlyfy continues to develop, it remains a major threat, especially for Russian businesses. Their swift, relentless attacks and psychological tactics leave many companies unprepared, emphasizing the rising importance of cybersecurity awareness.
