Cyber Defense Advisors

Space Bears ransomware: what you need to know

What is Space Bears?

Space Bears is a relatively new ransomware group that first appeared on the radar in April 2024. The gang, which is aligned with the Phobos ransomware-as-a-service group, steals sensitive data from organisations, encrypts victims’ computer systems, and demands that a ransom be paid for a decryption key or the data will be published on the dark web.

So far, so normal. What makes Space Bears noteworthy?

Space Bears has gained a certain amount of notoriety by the way in which it presents itself. Unlike other ransomware gangs, Space Bears presents a very “corporate” image of itself. For instance, on its leak website the Space Bears group uses stock images that you would more naturally associate with a corporation than a hacking gang. 

This distinctive approach shows up in webpages that ask, “Do you trust your data to this company?” in a style that would feel more natural coming from a company trying to sell you ransomware protection services than from a gang extorting a ransom after stealing your data.

Wow. That’s certainly a different way for a ransomware gang to present itself!

On another page, alongside a friendly corporate stock image, Space Bears offers “guarantees” of what it will do if your company pays its ransom. 

Guarantees after the transaction:

  • Your publication will be deleted from this site
  • All downloaded information, confidential data, personal data, databases will be deleted from the servers
  • Tools to decrypt your system will be provided if necessary
  • We will give you information on how to avoid similar attacks in the future

These ransomware gangs are fearless. Where is Space Bears located?

Although it is difficult to be definitive, Space Bears is believed to operate from the Russian capital, Moscow.

If Space Bears is based in Moscow, shouldn’t Russian police do something about them?

While some Russian ransomware operators have been arrested, it is true that many seem to continue their criminal activity with a level of impunity. The current geo-political situation makes it seem unlikely that anything dramatic will change in the near future.

What action should my company take right now to protect against Space Bears?

The best thing to do is to ensure that you have hardened defences in place before a ransomware attack, to reduce the chances of it succeeding and limit any potential impact on your business. Companies would be wise to follow our recommendations on how to protect your organisation from other ransomware. Those include:

  • Making secure offsite backups.
  • Running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities.
  • Restricting an attacker’s ability to spread laterally through your organisation via network segmentation.
  • Using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication.
  • Encrypting sensitive data wherever possible.
  • Reducing the attack surface by disabling functionality that your company does not need.
  • Educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data.

Stay safe, and don’t allow your organisation to be the next victim to fall foul of the Space Bears ransomware group.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.

 
