Background and Timeline: Reported on March 26, 2026, the pro-Ukrainian hacker group known as Bearlyfy has escalated its campaign against Russian commercial interests. The group first appeared in January 2025 and has carried out more than 70 cyberattacks since. In March 2026, researchers found that it had moved from reusing leaked ransomware code to deploying its own custom-built malware.
Modus Operandi: Since early March 2026, Bearlyfy has deployed a custom Windows ransomware strain known as GenieLocker, believed to have been developed by the group itself. Unlike most ransomware families, GenieLocker does not always drop a ransom note automatically; the operators often write manual messages mocking the victim instead. The group aims to cause "maximum damage" while also generating revenue to fund its political goals.
Victims and Financial Impact: The group has targeted several large Russian businesses, and its ransom demands have grown from a few thousand dollars to hundreds of thousands of dollars in recent attacks. The Russian cybersecurity firm F6 estimates that roughly one in five victims ultimately pays. The proceeds are likely channeled into hacktivist operations or war-related efforts, a fusion of financially motivated cybercrime and geopolitical conflict.
Investigation and Agencies Involved: F6 conducted the forensic analysis that identified the transition to GenieLocker. International threat intelligence firms have also mapped the group's evolution from the leaked LockBit 3 Black code to its own proprietary toolset. The investigation highlights the group's "terrifyingly high grasp of technology" despite its members' lack of traditional academic credentials.
Arrests and Suspects: No arrests have been made; the group is believed to operate from decentralized and likely safe-haven locations in Europe. Bearlyfy members coordinate their strikes and share the results of their data exfiltrations over encrypted platforms. The group is cited as a primary example of "patriotic hacking" that has evolved into a professionalized, technologically independent extortion unit.
Broader Implications and Trends: The rise of Bearlyfy shows that geopolitical conflicts are breeding a new class of "politically-motivated" threat actors. It also marks a broader trend in which custom ransomware is developed specifically to evade regional security software and EDR solutions; for defenders, a strain written from scratch will not match signatures built for the leaked LockBit 3 code, so detection has to rest on ransomware behavior rather than on known-family indicators. This reinforces the lesson that organizations must account for geopolitically motivated attacks in their global risk posture.