pear
Ransomware group profile
Description
The PEAR group, known for its ransomware operations, has specialized in data exfiltration and extortion since its emergence in July 2025. The group steals sensitive information and threatens to release it unless a ransom is paid, using techniques that obscure its identity and intentions. Operating with a low-noise, high-pressure approach, it manipulates victims by posing as legitimate penetration testers during negotiations.
Key insights
- PEAR operates as a ransom group focusing on data theft rather than encryption.
- Common initial access methods include credential abuse, phishing, and exploiting unsecured VPNs.
- The group maintains an average dwell time of approximately 41 days in compromised networks.
- Communication methods associated with PEAR include contact via Tox and pseudonymous email.
- They threaten to publish exfiltrated data on their leak site if ransom negotiations fail.
Intelligence
IOCs, YARA/Sigma rules, and related families for pear
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for pear
- T1486
- T1490
- T1078
- T1021
- T1562
- T1047
- T1021.001
- T1059
- T1389
- T1105
- T1071.001
Victims (94)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| Optimum First Mortgage | optimumfirst.com | US United States | Financial Services | Claimed | about 10 hours ago |
| B & B Trading | bandbtrading.com | US United States | Professional Services | Claimed | 1 day ago |
| Kirbor Homes | kirbor.com | US United States | Other | Claimed | 1 day ago |
| Release Marine, Inc. | releasemarine.com | US United States | Transportation | Claimed | 1 day ago |
| Alpha IT | alphait.no | NO Norway | Technology | Claimed | 10 days ago |
| Bayou Electrical Services | bayouelectrical.com | US United States | Other | Claimed | 10 days ago |
| K & E Distributing | kedistributing.com | US United States | Transportation | Claimed | 10 days ago |
| National Health Fund | nhf.org.jm | JM Jamaica | Healthcare | Claimed | 10 days ago |
| Plexsupply Inc | plexsupply.net | US United States | Professional Services | Claimed | 21 days ago |
| Pro Farm Group Inc | profarm.com | US United States | Other | Claimed | about 1 month ago |
| Fana Jewelry Inc | fanajewelry.com | US United States | Retail & E-Commerce | Claimed | about 1 month ago |
| Indian Creek Valley Water Authority | icvwater.org | US United States | Government & Defense | Claimed | about 1 month ago |
| Exchange Group | exg.ca | CA Canada | Financial Services | Claimed | about 1 month ago |
| Office Furniture Group | ofginc.com | US United States | Manufacturing | Claimed | about 1 month ago |
| Beyond Measure & Associates, Inc. | churchdesign.com | US United States | Professional Services | Claimed | about 2 months ago |
| Mesquite Plumbing Inc. | — | US United States | Professional Services | Claimed | about 2 months ago |
| Morning Star Tours | morningstartours.com | US United States | Hospitality | Claimed | about 2 months ago |
| Langenberg, Strubberg, Arand & King, LLC | lsakcpa.com | US United States | Professional Services | Claimed | about 1 month ago |
| Fox Broermann Pediatric Dentistry of Tulsa | — | US United States | Healthcare | Claimed | about 2 months ago |
| Roger D. Mason II, P.A. | — | US United States | Professional Services | Claimed | 2 months ago |
Affected countries (43)
Countries where this group has been reported to target or leak victims.