Pear Ransomware Strikes Again: CTI & Coordinators Added to Victim Roster

In the ever-evolving battleground of cybercrime, the infamous Pear ransomware group has surfaced with a new conquest: CTI & Coordinators. The revelation, unearthed by threat trackers at ransomware.live, sends fresh shockwaves through the cybersecurity community, raising questions about Pear’s motives, methods, and the mounting risks for organizations everywhere.

Fast Facts

• Victim: CTI & Coordinators
• Ransomware Group: Pear
• Incident Discovered: March 5, 2026
• Estimated Attack Date: March 2, 2026
• Details: DNS records surfaced; leak screenshot published by Pear

The digital underworld seldom sleeps, and Pear - one of the most active ransomware gangs of recent years - has proven it once again. On March 5, 2026, cybersecurity monitoring platform ransomware.live flagged a new victim on Pear’s leak site: CTI & Coordinators. The attack itself is believed to have occurred just days earlier, on March 2. While the specific industry and country of the victim remain undisclosed, the available DNS records and the leak screenshot offer a chilling confirmation: Pear has successfully breached yet another organization.

Ransomware attacks like this typically unfold with surgical precision. Attackers infiltrate a target’s network, often using phishing emails or exploiting vulnerabilities, then deploy malware that encrypts critical data. The victim is left paralyzed, facing a grim ultimatum - pay up, or see sensitive data published online. Pear, known for its aggressive extortion tactics, uses public leak sites as a pressure tool, listing victims and sharing proof of compromise to force negotiations.

What makes this case noteworthy is the continued public documentation of such attacks by sites like ransomware.live. While they do not host stolen data, these platforms provide invaluable transparency, tracking the spread of ransomware and alerting the world to new threats. For defenders, such visibility is crucial: it enables proactive threat hunting, incident response, and sector-wide awareness.

The Pear group’s modus operandi remains consistent - strike fast, demand ransom, and rely on the reputational damage of leak sites to coerce payment. For organizations like CTI & Coordinators, the aftermath can be severe: operational disruption, legal fallout, and lasting reputational harm. As the ransomware economy grows ever more sophisticated, even the most prepared businesses find themselves in the crosshairs.

With Pear’s latest attack, the message is clear: no organization is too obscure or too prepared to be immune. In a world where digital extortion is a booming business, constant vigilance, robust defense, and collective intelligence-sharing are the only antidotes to the ransomware epidemic.

WIKICROOK

• Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
• Leak Site: A leak site is a website where cybercriminals post or threaten to post stolen data to pressure victims into paying a ransom.
• DNS Records: DNS records are digital instructions that direct internet traffic to the right servers, ensuring websites and services are accessible and secure.
• Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
• Incident Response: Incident response is the structured process organizations use to detect, contain, and recover from cyberattacks or security breaches, minimizing damage and downtime.