Russian Firms Hit by Custom Ransomware Variant
AI-generated from multiple sources. Verify before acting on this reporting.
MOSCOW — Further details have emerged regarding the cyberattack attributed to the group Bearlyfy. Multiple additional reports have confirmed the scope of the incident, reinforcing the initial assessment of the coordinated operation. The customized GenieLocker variant continues to impact the targeted Russian firms, with no new victims identified beyond the original count of 70 companies. Authorities are monitoring the situation as the group maintains its claim of responsibility. The modified malware strain remains active, and cybersecurity experts are analyzing the specific modifications to understand the attack vector. No ransom demands have been publicly disclosed at this time. The incident represents a significant development in the landscape of domestic cyber threats within Russia, as the group's statement remains the primary source of information regarding the operation's objectives and methods.
MOSCOW — A group calling itself Bearlyfy claimed responsibility on Thursday for a coordinated cyberattack targeting more than 70 Russian companies using a customized version of GenieLocker ransomware.
The group announced the operation in a statement released at 10:14 a.m. UTC, marking a significant escalation in cyber activity against domestic Russian infrastructure. The attack utilized a modified strain of the GenieLocker malware, which is typically associated with criminal ransomware-as-a-service operations. By adapting the software, Bearlyfy bypassed standard detection mechanisms that had previously protected many of the targeted organizations.
The specific identities of the 70 victimized firms have not been publicly disclosed, though the group indicated that the targets span multiple sectors of the Russian economy. The timing of the attack, occurring in late March 2026, coincides with a period of heightened digital tension in the region. Security analysts note that the use of a known ransomware family against a nation-state's internal infrastructure is an unusual tactic, as such tools are generally deployed against international commercial entities for financial gain.
Bearlyfy provided no explicit motive for the campaign in its initial communications. The group did not make the cryptocurrency ransom demand that is standard procedure in GenieLocker operations. Instead, the statement focused on the technical execution of the breach and the volume of systems compromised. This deviation from typical ransomware protocols has led to speculation regarding the group's ultimate objectives, though no official confirmation has been provided.
Russian cybersecurity agencies have not yet issued a public response regarding the scale of the breach or the status of affected networks. The lack of official comment leaves the full extent of the operational disruption unclear. While the group claimed success in encrypting critical data across the targeted firms, independent verification of the impact remains limited.
The incident raises questions about the origin and affiliation of Bearlyfy. The group has not previously been linked to state-sponsored actors, but the precision of the attack and the selection of domestic targets suggest a level of strategic planning uncommon in purely criminal cyber operations. Experts are monitoring the situation to determine if the group will release stolen data or if the operation was intended solely as a demonstration of capability.
As of Thursday afternoon, no further details regarding the specific vulnerabilities exploited or the recovery status of the affected companies have been released. The situation remains fluid, with cybersecurity firms continuing to assess the potential for lateral movement within the compromised networks.