Ransomware Group: PEAR

VICTIM NAME: ComTec Systems

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PEAR Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On 2025-09-23, ComTec Systems, a United States–based technology firm described as specializing in business telecommunications and cost reduction consulting, is listed as a victim in a ransomware leak post. The leak page is attributed to a group identified as PEAR (Pure Extraction And Ransom) and references the victim’s site comtecsystems[.]net, situating the company within the Internet Service Providers, Website Hosting & Internet-related Services sector. The post frames the incident as a data-leak event rather than a pure encryption incident, signaling that stolen data could be released publicly or made available for download as part of a double-extortion scheme. The page also indicates that a ransom claim URL is present, suggesting a negotiation path or further communication. The summary keeps ComTec Systems as the focal victim name.

The leak page enumerates extensive data alongside financial and internal records: the attackers claim access to about $20 million in revenue and roughly 1 terabyte of data. Data categories described include Financials, HR data, Partners’ and Vendors’ Data, Clients’ Private and Confidential Data, Mailboxes & Email Correspondence, the QuickBooks Database, and OneDrive Stored Files. The entry shows no visible screenshots or images and does not list additional attachments beyond text; an in-page contact email is present in the excerpt but is redacted in this summary, and a TOX identifier is referenced but not disclosed here. These elements align with typical double-extortion ransomware operations that threaten public release or sale of stolen data. The page does not provide raw URLs here, and any links referenced are defanged or omitted for safety.

Post date and risk context: The data provides a post date of 2025-09-23; in the absence of a separate compromise date, this timestamp is treated as the leak post date. The incident underscores persistent risks to technology service providers handling financial, HR, vendor, and client data, as well as internal files stored in cloud services. The victim’s name is preserved as ComTec Systems in this summary to maintain fidelity with the leak’s reference.