Space Bears Ransomware Mauls Another

By Bogdan Pătru . 16 June 2024

Tech Writer

Fact-Checked this

Invasive Space Bears ransomware announced another victim recently. The victim is US-based InVogue Rejuvenation & Body Sculpting Center. According to the hackers’ OP, the stolen data is set for release in 7-8 days.

Space Bears first came to prominence very recently, in 2024, with their first 7-victim batch (we’ve already written an article on it at the time)
The hackers haven’t posted any additional information aside from the victim’s profile and the deadline for negotiations
Space Bears appears to rely on the double extortion strategy to coerce the victim into paying the ransom
The organization is very new, so not much is known about its structure, members, or standard MO

Space Bears doesn’t appear to necessarily excel in any particular aspect, but it’s too early to conclude one way or the other. What we do know for a fact is that the gang appears to be quite effective and intimidating.

Not many ransomware organizations begin their journey by marking 7 victims at once. Typically, most gangs lay low for a while to test the market and choose their targets carefully. This is done for logistical reasons, since newcomers don’t have many resources to play with.

This doesn’t appear to be a problem for Space Bears. At least at a first glance.

X showing the Space Bears attack on InVogue Rejuvenation & Body Sculpting Center — https://x.com/FalconFeedsio/status/1801909501156639030

It’s important to note that Space Bears gave the victim 8 days to conclude negotiations and pay the ransom. If not, they will leak the stolen data publicly. This is quite telling because it says that the gang is confident in its malware.

InVogue hasn’t commented on the recent attack, but this was to be expected. Most victims refuse to comment publicly on data breaches, primarily due to legal reasons. And secondarily, to avoid giving the hackers too much publicity.

What Do We Know About Space Bears?

Aside from what transpired from their last attacks, not much. We know that the gang is very methodical and resourceful. While it may not seem like it, they do choose their targets carefully. Their first operation, which resulted in 7 victims, showed that.

But other than that, the organization is still largely unknown. There are a handful of theories to consider, but the likeliest one is also the most natural: the gang is connected to other ransomware organizations.

As experts explain, the cybercriminal sphere as a whole is a fluid and malleable mass. Different gangs exchange manpower, resources, tools, and tips and often dissolve into one another. The latter typically occurs when one gang gets targeted by the FBI.

When it comes to Space Bears, it’s too early to conclude one way or the other. But we’ll most likely find out more as the gang becomes more active on the market.

So, given that we don’t know much about the organization, what should you do if you’re targeted by Space Bears? The same you would if you were targeted by any other ransomware actor: give them the silent treatment.

Don’t negotiate, don’t pay the ransom, because this will incentivize them to continue their work, and boost your defenses. Easy and to the point.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Space Bears Ransomware Mauls Another

What Do We Know About Space Bears?

Our Mission

Bogdan Pătru

Leave a Comment Cancel