Group Space Bears is a ransomware group that first appeared in April 2024, notable for its distinctive "corporate" presentation on its dark web leak site, which employs stock images and offers "guarantees" to victims. The group operates as an affiliate of the Phobos ransomware-as-a-service (RaaS) group, leveraging its infrastructure and tools. Primarily driven by financial gain, Group Space Bears utilizes double extortion tactics to pressure victims into paying ransoms, frequently targeting small to medium-sized organizations. While some analyses suggest a reliance on basic extortion strategies rather than highly sophisticated malware, the group’s unique public-facing persona sets it apart from other ransomware operators.
United Arab EmiratesAustraliaBosnia and HerzegovinaBrazilCanadaCôte d'IvoireCameroonGermanyEcuadorSpain
Sectores objetivo (SOCRadar)
Construction of BuildingsFood ManufacturingOther Information ServicesSoftware PublishersAccommodationAir TransportationManufacturingConstructionPublic AdministrationOil & Gas