Ransomware Strikes Accounting Firm What Went Wrong—and What Comes Next

1. Ransomware Strikes Accounting Firm: What Went Wrong and What Comes Next Threat actors have claimed a cyber attack on an accounting firm in New Zealand. They say they stole client records, emails, databases and 365 gigabytes of documents. The firm, TAS NZ Bay Limited, is in Auckland and known for its client-centred service. PEAR Ransomware listed it on a dark-web leak site early last month. The group shared sample data—scans of account statements, a business document and even a passport. They also posted download links for the full payload. Cyber Daily could not confirm the data’s validity. Still, the files they shared seem to align with what they claimed was taken. Cyber Daily has tried to contact TAS NZ Bay Limited for comment. 3 breaches in 21 days – why you need a cyber security team ASAP! Who’s Behind PEAR Ransomware? PEAR stands for PURE EXTRACTION and RANSOM. It doesn’t encrypt files. Instead, it steals data and threatens to leak it. The group first showed up on June 24, 2025, and has since listed 18 victims. Most are in the US, but Australia, Germany and New Zealand are also targets. Total claimed data stolen: 12.7 terabytes. In one published ransom negotiation, PEAR demanded 4 BTC—about US$460,000—after stealing 3.8 TB. When the victim said they couldn’t pay, PEAR dropped to 3.6 BTC but refused to extend the

2. deadline or remove the threat if payment wasn’t made on time. This kind of inflexibility can stop victims from cooperating. Authorities in Australia, like many governments, strongly advise victims not to pay. Ransom payments fund cybercrime and offer no guarantee criminals will hold up their end. Why This Matters and How to Stay Ready This attack shows how real the threat has become. Even firms with solid reputations are at risk. It matters because stolen data: can leak, disrupt operations, and damage trust. A cyber security audit helps organisations spot weak spots before they’re breached. These audits review policies, systems and controls. They’re not just a checkbox but gives you insight into where you may be exposed. Having a strong cyber incident response teammatters too. When that team is ready, they can limit damage, contain the breach and coordinate with stakeholders fast. It changes how quickly you recover and how much you pay, financially and to your reputation. Here’s how a firm can take meaningful steps Carry out a cyber security audit on a regular schedule, or after big changes in systems or staff. This helps you find risks early. Build a cyber incident response team that includes tech, legal, comms and management. Practice the plan, so it works when it matters. Train teams so everyone knows how to respond. The technical crew acts fast, legal handles the fallout, and comms keeps everyone informed. Learn from others: this NZ firm, and the PEAR group’s tactics, show us that silent attacks can turn public fast. If your cyber incident response team is practiced and ready, you can move from chaos to control. Bringing audits and response plans together creates depth in your defence. A cyber security audit shows where threats can slip through. Your cyber incident response team is what catches them in action. Together they're your best defence. Companies also need tabletop exercises to practice response in a controlled way before a real crisis hits. The right mix of executives, technical teams, and business leaders must be involved to make it realistic and effective. Organization’s must also maintain compliance with relevant data protection and regulatory reporting requirements to avoid penalties and reputational damage. Ransomware resilience should be treated as a strategic issue, with regular oversight and discussion at the board level to ensure accountability and continuous improvement. Another breach in Australia that cost $12.5 billion in 2023-24.

3. Why You Need a Cyber Incident Response Team A breach like this one gives a sharp reminder: modern threats are relentless. Ransomware can happen fast and go public sooner. But companies can fight back. By using regular cyber security audits and keeping a well-trained cyber incident response team, your firm can stay resilient. You can contain damage, check the fallout, and rebuild trust—quickly and clearly. But most companies are not paying heed to the increasing need of cyber security. Some company or another is being attacked as you are reading this blog or as I am penning this down. You might think that they always target famous or known companies and they will never attack me. Small or big, once the attackers get a hand of you, it is very costly to get a hold of your situation. Be aware, get a hold of cyber security and keep your company safe. Get in touch with us at Cybernetic GI and we will take care of the rest. In 2025, if you do not have a ready cyber incident response team, you are likely to lose your business to a random ransomware hit. You never know when you are their next prey. Cybernetic GI will help you tighten your online security. Resource https://www.cyberneticgi.com/2025/08/20/ransomware-strikes-accounting-firm-what-went- wrong-next/ Cybernetic Global Intelligence Address: 318 Lambton Quay, Wellington Central, Wellington 6011, New Zealand Phone: +64 4 333 0395 Email: Contact@cybernetic-gi.com Web : https://www.cyberneticgi.com/