Ransomware Group: PEAR

VICTIM NAME: Western Orthopaedics

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PEAR Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Western Orthopaedics, a US-based healthcare provider specializing in orthopaedic surgery, musculoskeletal conditions, sports injuries, and spinal care, is identified as the victim in the leak page analyzed. The post is dated September 30, 2025, which, in the absence of a separately disclosed compromise date, should be interpreted as the post date. The page frames the incident as a data-leak exfiltration rather than a full encryption event, and there is no ransom amount stated in the available material. A claim URL is indicated on the page, though the link is not reproduced here.

The leak page asserts that Western Orthopaedics has had roughly 1.7 terabytes of data exfiltrated, including financial records, human resources data, partners’ and vendors’ data, numerous patients’ PII and PHI records, payment details, mailboxes and email correspondence, and database exports. This range of data encompasses financial information, personnel records, supplier data, and sensitive patient data, underscoring potential privacy and regulatory risk for the organization. The page references the victim’s site as western-ortho[.]com and presents a post date aligned with the leak timeline. There is no explicit ransom demand shown in the available material.

Metadata indicates there are no attached images or screenshots on the page, and there are no additional links listed in the excerpt. An email address appears in the snippet but has been redacted to protect PII. The presence of a claim URL suggests an intention to publicly disclose or negotiate over the exfiltrated data, but the provided data do not include any ransom amount or terms. In sum, the leak page centers on Western Orthopaedics and highlights the potential exposure of highly sensitive healthcare data and related business information.