Signal
Pro-Ukraine Bearlyfy and Iran-linked Pay2Key ransomware groups active with new campaigns
Published 2026-03-25 19:14 UTC · Updated 2026-03-26 15:30 UTC
ransomware · threat_actors · cyberattacks · geopolitics
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped. Counts indicate coverage, not truth. 2 top sources shown.
limited source diversity in top sources
Overview
The pro-Ukrainian hacker group Bearlyfy has conducted over 70 cyberattacks against Russian companies in the past year and is now intensifying its operations with newly developed ransomware tools.
Entities
Halcyon · Beazley Security · Pay2Key · Bearlyfy
Score total
0.81
Momentum 24h
2
Posts
2
Origins
2
Source types
1
Duplicate ratio
0%
Why now
- Bearlyfy's recent escalation signals intensifying cyber conflict amid the Russia-Ukraine war.
- Pay2Key's re-emergence suggests renewed Iranian-linked ransomware activity to monitor.
- Understanding these developments supports timely threat intelligence and mitigation efforts.
Why it matters
- Ransomware groups linked to geopolitical conflicts pose ongoing risks to targeted nations and companies.
- New ransomware tools indicate evolving tactics that may increase attack impact and complexity.
- Tracking these groups helps inform defensive and incident response strategies.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: medium
Recurring claims
- Pro-Ukrainian hacker group Bearlyfy has conducted over 70 cyberattacks against Russian companies and is deploying new ransomware tools
- Iran-linked ransomware group Pay2Key has re-emerged and is being tracked by security firms Halcyon and Beazley Security
How sources frame it
- The Record (Recorded Future News): neutral
- Infosecurity Magazine: neutral
All evidence
Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware
The Record (Recorded Future News) · therecord.media · 2026-03-26 15:30 UTC
Iran-Linked Pay2Key Ransomware Group Re-Emerges
Infosecurity Magazine · infosecurity-magazine.com · 2026-03-26 10:45 UTC
Posts loaded: 0 · Publishers: 2 · Origin domains: 2 · Duplicates: -
Top publishers (this list)
- The Record (Recorded Future News) (1)
- Infosecurity Magazine (1)
Top origin domains (this list)
- therecord.media (1)
- infosecurity-magazine.com (1)