Bearlyfy, a pro‑Ukrainian group, has been tied to more than 70 cyberattacks against Russian companies since early 2025, evolving from small intrusions using LockBit 3 and Babuk encryptors to high‑value extortion and sabotage. Since March 2026 the group has deployed a proprietary Windows ransomware called GenieLocker and used modified PolyVice components and tools like MeshAgent, driving larger ransom demands and showing overlaps with PhantomCore and Head Mare.
Key points
- Bearlyfy has been attributed to over 70 attacks targeting Russian companies since January 2025.
- The group initially used LockBit 3 (Black), Babuk, and third‑party lockers delivered via PolyVice and Vice Society infrastructure.
- In March 2026 Bearlyfy began deploying a proprietary Windows ransomware named GenieLocker, inspired by Venus/Trinity.
- Actors gain access by exploiting external services and vulnerable apps, then deploy tools like MeshAgent for remote access and encryption.
- About 20% of victims pay ransoms, which have risen to hundreds of thousands of dollars as the group’s tactics and collaborations (PhantomCore, Head Mare) evolved.
Read More: https://thehackernews.com/2026/03/bearlyfy-hits-70-russian-firms-with.html