A cybercriminal group known as Bearlyfy has recently carried out multiple ransomware attacks. More than 70 companies in Russia have been affected so far. The group has been active since early 2025 and continues to grow. Their latest attacks involve a new ransomware called GenieLocker.

In the beginning, Bearlyfy mainly targeted small businesses with simple attack methods. Their ransom demands were also relatively low during that time. As they gained experience, they started going after larger organizations. This shift also led to a major increase in ransom amounts.

Security researchers believe the group has two main objectives behind these attacks. The first is to make money through ransom payments. The second is to disrupt and damage Russian organizations. This makes the attacks both financially and politically motivated.

One major development in their operations is the use of GenieLocker ransomware. This is a custom-built ransomware developed by the group itself. It is designed to target Windows systems and encrypt data effectively. This shows that the group has improved its technical capabilities.

Earlier, Bearlyfy used known ransomware tools like LockBit and Babuk. These tools were based on leaked source code available online. They also used modified versions of other ransomware families. But now, their custom malware shows a higher level of advancement.

The attacks usually start by exploiting weak points in systems or external services. Once inside, attackers use remote tools to move across the network. They then gain control over systems and begin encrypting important files. In some cases, data can also be deleted or damaged.

Another interesting detail is how the ransom messages are created. Bearlyfy does not always rely on automated ransom notes. In some cases, attackers write custom messages themselves. These messages can include instructions or even mocking content.

Experts estimate that around 20 percent of victims end up paying the ransom. There are also signs that the group may be working with pro-Ukrainian hacking groups. This suggests better coordination and stronger networks behind the attacks. Overall, this campaign shows how ransomware is becoming more advanced and strategic.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news