Fast Facts

• Pear ransomware gang claims attack on Poe’s Accounting Services.
• Incident discovered November 17, 2025; attack believed to have occurred on November 13, 2025.
• Ransomfeed and ransomware.live list the breach, but no stolen data is directly posted by them.
• Pear is part of a new wave of ransomware groups specializing in targeting professional services.
• Attack underscores growing vulnerability of small and mid-sized firms to cyber extortion.

Dark Clouds Over Poe’s: A Familiar Storm

Picture a quiet accounting office, its digital ledgers humming with the lifeblood of small businesses. One morning, the screens freeze; files are locked, and a chilling ransom note appears - signed, this time, by the cybercriminal group Pear. For Poe’s Accounting Services, a routine week in November turned into a high-stakes standoff with invisible adversaries.

Pear, a ransomware group that’s gathered notoriety in 2025, has just added Poe’s to its growing gallery of victims. Much like pirates of old, these modern-day marauders don’t sail ships - they ride code, slipping into networks to plunder data and demand payment for its return. Their announcement, spotted on November 17 by the monitoring site ransomware.live, is another warning shot for the professional services sector.

Pear’s Modus Operandi: Picking the Softest Fruit

Ransomware attacks are digital hostage-takings: criminals sneak into a company’s systems, encrypt vital files, and demand a ransom to unlock them. Pear, like many of its peers, often exploits weak points - outdated software, poor password practices, or employees unaware of phishing tricks. Once inside, they move quickly, locking up data and sometimes threatening to leak sensitive information if their demands aren’t met.

Pear belongs to a new breed of ransomware gangs that focus on smaller, professional outfits - law firms, clinics, and now, accounting services. These businesses often lack the robust defenses of large corporations, making them soft targets. In recent years, similar attacks have hit firms from New Jersey to the UK, with criminals banking on quick payouts and minimal law enforcement attention. According to cybersecurity firm Coveware, the average ransomware payment for small businesses surged in 2025, reflecting the growing profitability of these attacks.

Wider Ripples: Why This Matters

While the technical details remain sparse - no specifics on the malware strain or ransom amount - Poe’s ordeal fits a bigger pattern. Ransomware groups like Pear are increasingly professionalized, operating like shadowy tech startups with customer service lines and PR strategies. Their attacks disrupt not just businesses but the trust that underpins local economies. For clients of Poe’s, the fear isn’t just about stolen numbers; it’s about whether their financial secrets are now up for grabs on the dark web.

These incidents also highlight a geopolitical dimension: many ransomware gangs operate from jurisdictions with little risk of extradition, complicating international efforts to bring them to justice. As attacks proliferate, small businesses face a stark choice - invest in cyber defenses or risk joining the growing list of digital hostages.

WIKICROOK

• Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
• Encryption: Encryption transforms readable data into coded text to prevent unauthorized access, protecting sensitive information from cyber threats and prying eyes.
• Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
• Data Leak: A data leak is the unauthorized release of confidential information, often exposing sensitive data to the public or malicious actors.
• DNS Records: DNS records are digital instructions that direct internet traffic to the right servers, ensuring websites and services are accessible and secure.