Quick Summary
Executive Summary
Spector and Lenz, PC, a business services firm located in the United States, has been identified as a victim by the Pear ransomware group. The listing appeared on their dark web portal on June 30, 2026, as detected by SOCRadar’s Dark Web Monitoring service. This incident aligns with Pear’s recent targeting patterns, which have a strong focus on business services, financial services, and construction sectors, particularly within the United States. Pear ransomware has been observed targeting professional services organizations, and Spector and Lenz, PC fits this profile. While this specific listing was discovered on June 30, 2026, the group has claimed numerous other victims in the preceding 60 days.
Technical Analysis
SOCRadar’s analysis of initial access vectors, specifically using stealer-log telemetry, did not return any records for spectorandlenz.com. It is crucial to note that a null result does not confirm the absence of exposed credentials. Such findings can be limited by the scope of the query, potentially missing credentials indexed under alternative domains, personal email aliases, or feeds not included in the dataset. Ransomware groups like Pear commonly exploit credentials harvested by infostealers as an initial access method. These credentials are often sourced from underground marketplaces, validated, and then used to gain access to corporate networks via platforms like Microsoft 365, VPNs, or remote access portals, prior to ransomware deployment. The lack of a direct hit in the stealer-log telemetry does not preclude this attack vector. Cybersecurity intelligence teams are advised to conduct continuous monitoring and maintain robust credential hygiene practices rather than concluding that there are no exposed credentials based solely on a null query result.