Pear Ransomware Strikes Again: Law Firm Powell, Powell & Powell, P.A. Added to Leak Site

In a chilling escalation of cyber extortion, the notorious Pear ransomware group has publicly listed Powell, Powell & Powell, P.A., a legal practice, as its latest victim. The revelation, surfaced on April 9, 2026 via ransomware.live, underscores the relentless targeting of the legal sector by cybercriminals and raises urgent questions about the resilience of law firms in the digital age.

Fast Facts

• Victim: Powell, Powell & Powell, P.A., a legal firm
• Ransomware group: Pear
• Incident discovered: April 9, 2026
• Estimated attack date: April 6, 2026
• Leak publicized on ransomware.live

The Anatomy of a Modern Law Firm Attack

While details remain scarce, the attack on Powell, Powell & Powell, P.A. fits a troubling pattern. Ransomware groups are increasingly targeting law firms, exploiting their sensitive data and the high stakes of client confidentiality. The Pear group, a relatively new but rapidly infamous player, has built its reputation on naming and shaming victims through dedicated leak sites, hoping the public exposure will pressure organizations to pay hefty ransoms.

In this case, the attack likely unfolded over several days, with the group infiltrating the firm's digital infrastructure, encrypting critical files, and threatening to release confidential data unless payment is made. The appearance of DNS records for the firm's domain in public indexes hints at possible reconnaissance or exploitation of network vulnerabilities.

The legal sector remains a prime target due to its troves of sensitive information - everything from private client communications to court strategies. For a firm like Powell, Powell & Powell, P.A., the reputational and operational fallout could be immense, even if the full extent of data compromised remains unclear. The public leak, even without direct evidence of stolen files, is a stark warning: no organization is immune, and the cost of inadequate cyber defenses is rising.

Ransomware.live, which tracks and indexes these incidents, emphasizes that it does not handle or distribute stolen data, instead serving as a watchdog and resource for researchers and the public. The site's disclaimer highlights the growing ecosystem of cybercrime monitoring - and the challenges of transparency in an era where leaks are weaponized.

Looking Forward: A Legal Sector Under Siege

The Pear attack is yet another wake-up call for the legal industry. As ransomware tactics evolve and criminal groups become more brazen, law firms must prioritize cybersecurity - not just to protect their business, but to uphold their duty to clients. For Powell, Powell & Powell, P.A., the road to recovery may be long, but their experience serves as a cautionary tale for professional services everywhere: the threat is real, and the time to act is now.

WIKICROOK

• Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
• Leak Site: A leak site is a website where cybercriminals post or threaten to post stolen data to pressure victims into paying a ransom.
• DNS Records: DNS records are digital instructions that direct internet traffic to the right servers, ensuring websites and services are accessible and secure.
• Exfiltration: Exfiltration is the unauthorized transfer of sensitive data from a victim’s network to an external system controlled by attackers.
• Reconnaissance: Reconnaissance is the early stage of a cyberattack where attackers gather information about a target to identify weaknesses and plan their approach.