Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Threat actors have claimed a cyber attack on a New Zealand-based accounting firm, claiming to have stolen client data, business records and more.
TAS NZ Bay Limited is an Auckland-based accounting firm that prides itself on its client-focused operations.
The firm was listed on the dark web leak site of the PEAR ransomware group early last month, which claimed to have stolen 365 gigabytes of “financials, business contracts and agreements, PII records, partners’ / vendors / clients private data, email correspondence [and] databases”.
The group also posted sample data, which included scans of an account statement, a business document and a passport.
PEAR has since “leaked” the allegedly stolen data and has posted download links on the site. While Cyber Daily has not been able to verify if the data is legitimate, databases posted by the group line up with the data the group claims to have exfiltrated.
Cyber Daily has reached out to TAS NZ Bay Limited for more information.
Who is PEAR ransomware?
PEAR Ransomware is a brand new threat group, having posted its first victim on 24 June 2025. The group’s name stands for PURE EXTRACTION and RANSOM, and as the name suggests, means the group does not engage in encryption or double extortion tactics.
At the time of writing, the group has 18 victims, 15 of which are US-based, but it has also targeted businesses in Australia, Germany, and New Zealand. In total, the group has claimed to have exfiltrated 12.7 terabytes of data from its victims.
In a ransom negotiation with one of its victims, posted by ransomware.live, the group is aggressive in its discussions, refusing to extend deadlines or take down victim names once negotiation has started.
The group also sets high ransom prices, despite exclusively targeting SMEs, most of which have an annual revenue of less than US$5 million. In the example seen by Cyber Daily, the group was demanding 4BTC (roughly US$460,000) after claiming to have exfiltrated 3.8 terabytes of data. While the threat actor offered a 10 per cent discount after the victim said they were unable to pay, it stood firm at 3.6BTC.
The group also set a payment deadline, which, once reached, the uploaded data would not be removed, and it refused to budge on the deadline when the victim said they were working to gather enough funds to pay the amount.
As the example showed, this inability to be flexible may lead to victims not cooperating.
It is worth noting that the Australian government, like many governments, strongly advises that victims of ransomware do not pay ransom, as there is no guarantee the criminals will stick to their word, and the money fuels cyber crime.
Be the first to hear the latest developments in the cyber industry.
