Cyber Attack on New Zealand Accounting Firm: PEAR Ransomware Claims Breach
Ransomware Incident Reported
A significant cybersecurity breach has struck TAS NZ Bay Limited, an Auckland-based accounting firm known for its client-oriented services. The PEAR ransomware group claims to have successfully infiltrated the firm, alleging that they have stolen sensitive client information, business documents, and other critical data.
The breach first came to light when PEAR was listed on a dark web leak site in early September, where they asserted they had extracted approximately 365 gigabytes of data. This data reportedly includes confidential financial documents, business contracts, personally identifiable information (PII), and communications related to clients and vendors.
Details of the Data Breach
Following the announcement of the data breach, PEAR published samples on their leak site to substantiate their claims. These samples included scanned documents such as an account statement, a business document, and a passport. While the authenticity of the leaked data has not been independently verified, initial investigations by Cyber Daily suggest a correlation between the data released and the claims made by the ransomware group.
Efforts to secure comments from TAS NZ Bay Limited regarding the breach have been initiated, but no official response has been provided as of now.
Understanding PEAR Ransomware
PEAR Ransomware is categorized as a relatively new threat actor in the cybersecurity landscape, having launched its first attack on June 24, 2025. The group’s name, an acronym for PURE EXTRACTION AND RANSOM, reflects their operational strategy, which does not involve data encryption or double-extortion tactics commonly employed by other ransomware groups.
With 18 recorded victims to date, PEAR has primarily targeted American businesses, with a notable presence in Australia, Germany, and New Zealand. The group claims to have exfiltrated an impressive 12.7 terabytes of data across its various targets.
Aggressive Ransom Negotiation Tactics
Interactions between PEAR and its victims reveal a pattern of aggressive negotiation tactics. According to records published by ransomware.live, the group is uncompromising once ransom discussions begin. They set high ransom demands, often in Bitcoin, targeting small to medium enterprises (SMEs) which typically show annual revenues of less than USD $5 million.
In particular cases, the group has requested ransoms as high as 4 BTC (approximately USD $460,000) for the return of stolen data. Even when victims express their inability to meet these demands, PEAR has shown little flexibility, instead offering only minimal discounts on the original ransom amounts.
This hardline approach to negotiation, including the establishment of strict payment deadlines, raises concerns for potential victims. PEAR maintains that once the deadline expires, the stolen data will remain on the dark web, reducing the likelihood of a successful outcome for victims.
Government Response and Recommendations
Authorities, including the Australian government, continue to advise against paying ransoms in such scenarios. The rationale is straightforward: there are no guarantees that payment will lead to the return of stolen data, and paying ransoms only serves to perpetuate cybercrime.
As the cyber threat landscape evolves, both businesses and consumers must remain vigilant. Organizations like TAS NZ Bay Limited are being reminded of the importance of robust cybersecurity measures to protect against threats like those posed by PEAR ransomware and other cybercriminal entities. The focus should remain on proactive strategies, risk assessment, and data protection protocols to mitigate the potential impact of future cyber threats.
