Anonymous Intelligence Signal

Ransomware Groups Pear and Lynx Claim Three New Victims in Leak Site Posts

human The Lab unverified 2026-05-10 11:01:43 Source: Mastodon:mastodon.social:#infosec

Two ransomware operations have listed newly claimed victims on their dark web leak sites, signaling fresh extortion activity across multiple sectors. The groups, identified as "Pear" and "Lynx," named three organizations in total, marking an escalation in their respective campaigns and providing fresh indicators for threat intelligence analysts tracking ransomware infrastructure.

The Pear ransomware group claimed Langenberg, Strubberg, Arand & King, LLC as its latest victim. The firm, based in the United States, operates in the legal and professional services sector—a frequent target for ransomware actors due to the sensitive nature of client data and the pressure points created by attorney-client privilege concerns. Meanwhile, the Lynx ransomware operation posted two separate claims: ossistemes.com, a technology services provider, and kurita.eu, the European domain of Kurita Water Industries, a major Japanese water treatment and industrial solutions company. The Lynx posts suggest the group may be expanding its targeting scope or operating with increased velocity.

These developments provide actionable intelligence for security teams tracking ransomware activity. The appearance of new posts on leak sites typically indicates that negotiations have stalled or failed, meaning the threat actors are now applying public pressure through data exposure threats. Organizations in legal services, industrial water treatment, and IT services should review their exposure to these threat groups and monitor for indicators of compromise associated with Pear and Lynx operations. The coordinated timing of these posts may reflect broader patterns in ransomware ecosystem activity, though the specific relationships between these groups remain unclear from available data.