Bearlyfy

MISP

Type:
Unknown

Country:
UA

First seen:
Unknown

Details:

Bearlyfy has been attributed to over 70 cyber attacks targeting Russian companies since its emergence in January 2025, employing a custom Windows ransomware strain known as GenieLocker. The group operates with dual objectives of extortion and sabotage, utilizing a modified version of PolyVice and leveraging vulnerabilities in external services and applications for initial access. Analysis reveals overlaps with PhantomCore, indicating a pro-Ukrainian interest, while Bearlyfy's attacks are characterized by minimal preparation and a focus on immediate impact through data encryption and destruction. Approximately 20% of victims reportedly pay the ransom, with demands escalating to hundreds of thousands of dollars.

References (2)

Aliases (45)

Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu Labubu

Metadata

ID:	1040
Created:	09/04/2026 16:00
Updated:	01/05/2026 16:00