pear
Ransomware group profile
Description
The PEAR group, known for its ransomware operations, specializes in data exfiltration and extortion since its emergence in July 2025. They aim to steal sensitive information and threaten to release it unless a ransom is paid, using techniques that obscure their identity and intentions. Operating with a low-noise, high-pressure approach, they manipulate victims by posing as legitimate penetration testers during negotiations.
Key insights
- •PEAR operates as a ransom group focusing on data theft rather than encryption.
- •Common initial access methods include credential abuse, phishing, and exploiting unsecured VPNs.
- •The group maintains an average dwell time of approximately 41 days in compromised networks.
- •Communication methods associated with PEAR include contact via Tox and pseudonymous email.
- •They threaten to publish exfiltrated data on their leak site if ransom negotiations fail.
Threat Level & Status Breakdown
For pear · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for pear in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for pear
- onionmail.org
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for pear
T1486
T1486
T1490
T1490
T1078
T1078
T1021
T1021
T1562
T1562
T1047
T1047
T1021.001
T1021.001
T1059
T1059
T1389
T1389
T1105
T1105
T1071.001
T1071.001
Victims(86)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Plexsupply Inc | plexsupply.net | US United States | Professional Services | Claimed | 5 days ago | |
| Pro Farm Group Inc | profarm.com | US United States | Other | Claimed | 14 days ago | |
| Fana Jewelry Inc | fanajewelry.com | US United States | Retail & E-Commerce | Claimed | 14 days ago | |
| Indian Creek Valley Water Authority | icvwater.org | US United States | Government & Defense | Claimed | 14 days ago | |
| Exchange Group | exg.ca | CA Canada | Financial Services | Claimed | 14 days ago | |
| Office Furniture Group | — | US United States | Manufacturing | Claimed | 26 days ago | |
| Beyond Measure & Associates, Inc. | churchdesign.com | US United States | Professional Services | Claimed | about 1 month ago | |
| Mesquite Plumbing Inc. | — | US United States | Professional Services | Claimed | about 1 month ago | |
| Morning Star Tours | morningstartours.com | US United States | Hospitality | Claimed | about 1 month ago | |
| Langenberg, Strubberg, Arand & King, LLC | lsakcpa.com | US United States | Professional Services | Claimed | 25 days ago | |
| Fox Broermann Pediatric Dentistry of Tulsa | — | US United States | Healthcare | Claimed | about 1 month ago | |
| Roger D. Mason II, P.A. | — | US United States | Professional Services | Claimed | about 1 month ago | |
| Colorado Pulmonary Intensivists | cpimedicine.com | US United States | Healthcare | Claimed | about 2 months ago | |
| Arkansas Oral & Maxillofacial Surgeons | arsurgeons.com | US United States | Healthcare | Claimed | about 2 months ago | |
| Colonial Presbyterian Church | colonialkc.org | US United States | Education | Claimed | about 2 months ago | |
| Siegel Lewitter Malkani | sl-employmentlaw.com | US United States | Professional Services | Claimed | about 2 months ago | |
| Family Psychological Associates | kcifpa.com | US United States | Healthcare | Claimed | about 2 months ago | |
| Powell, Powell & Powell, P.A. | powelllawfirm.com | US United States | Professional Services | Claimed | about 2 months ago | |
| The McLamb Group, Inc | themclambgroup.com | US United States | Transportation | Claimed | about 2 months ago | |
| Kinsmen TeleMiracle | — | CA Canada | Retail & E-Commerce | Claimed | about 1 month ago |
Page 1 of 5
Affected countries(38)
Countries where this group has been reported to target or leak victims.