Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
EXECUTIVE SUMMARY
Bearlyfy's GenieLocker Ransomware Targets Over 70 Russian Firms
Summary
Bearlyfy, a pro-Ukrainian cyber group, has executed over 70 attacks on Russian companies using a custom ransomware called GenieLocker. The group, also known as Labubu, has been active since January 2025.
Key Points
- Bearlyfy, also known as Labubu, is a pro-Ukrainian cyber group.
- The group has targeted more than 70 Russian firms.
- Attacks have been ongoing since January 2025.
- The ransomware used in these attacks is a custom strain named GenieLocker.
- Bearlyfy aims to inflict maximum damage on Russian businesses.
Analysis
Bearlyfy's use of a custom ransomware strain like GenieLocker highlights an evolving threat landscape in which nation-state-affiliated groups target specific geopolitical adversaries. This situation underscores the need for heightened cybersecurity measures, especially for organizations operating in politically sensitive regions.
Conclusion
IT professionals should prioritize implementing robust security protocols and ransomware defenses, particularly in regions experiencing geopolitical tensions. Regular updates and employee training on ransomware threats are essential to mitigate risks.