Bearlyfy Targets Russian Companies with Custom GenieLocker Ransomware

Mar 27, 2026
Threat Intelligence / Vulnerability

The pro-Ukrainian group Bearlyfy has carried out over 70 cyber attacks on Russian firms since emerging in January 2025, deploying a custom Windows ransomware strain known as GenieLocker in its latest campaigns. According to Russian security firm F6, “Bearlyfy (also referred to as Labubu) is a dual-purpose group focused on maximizing damage to Russian businesses, aiming for both financial extortion and acts of sabotage.” The group was first identified by F6 in September 2025 and was noted for using encryptors linked to LockBit 3 (Black) and Babuk, initially targeting smaller companies before escalating to ransom demands around €80,000 (approximately $92,100). By August 2025, Bearlyfy had claimed at least 30 victims. Additionally, starting in May 2025, the group began to use a modified version of PolyVice, a ransomware variant associated with Vice Society.

Bearlyfy Launches Custom GenieLocker Ransomware Against Russian Firms

In a significant escalation of cyber hostilities, a pro-Ukrainian hacking group known as Bearlyfy has been linked to over 70 cyber attacks directed at Russian companies since it emerged on the cybersecurity radar in January 2025. The group's latest operations involve a custom strain of ransomware dubbed GenieLocker, which targets Windows systems.

Bearlyfy, also referred to as Labubu, operates with a dual mission that combines financial extortion and sabotage aimed at crippling Russian enterprises. According to F6, a cybersecurity vendor based in Russia, the group’s activities reflect a calculated effort to inflict maximum disruption on its targets. The group initially gained recognition for using encryptors associated with notorious ransomware families, specifically LockBit 3 (Black) and Babuk. Its early campaigns primarily targeted smaller businesses, but the group’s modus operandi has evolved to include ransom demands reaching as high as €80,000 (approximately $92,100).

As of August 2025, Bearlyfy had publicly claimed at least 30 victims, showcasing a trend of increasingly bold cyber engagements. Starting in May 2025, the group expanded its toolkit to incorporate a modified iteration of PolyVice, another ransomware family connected to Vice Society.

The implications of these attacks are profound, with victims likely experiencing not only financial loss but also significant operational disruptions. In MITRE ATT&CK terms, it is plausible that Bearlyfy used initial access methods such as phishing or exploitation of unpatched vulnerabilities to infiltrate target networks. The group may also have used persistence techniques to maintain access, enabling it to deploy ransomware effectively.

Moreover, the complexity of the attacks suggests that privilege escalation tactics were likely used to gain higher-level access, facilitating more extensive damage. The interplay of these methods emphasizes the increasing sophistication of cyber threats in the current landscape, underscoring the necessity for robust cybersecurity protocols among businesses.

The growing footprint of Bearlyfy serves as a stark reminder that companies, particularly in conflict-afflicted regions, must remain vigilant against evolving cyber threats. As the digital battleground expands, the intersection of geopolitical tensions and cybersecurity will continue to shape the nature of cyber attacks in the years to come.
