The Play ransomware group has targeted four U.S.-based companies across various industries, exfiltrating sensitive data and threatening to publish it. The threat group employs double-extortion tactics, demanding ransom to prevent the leak of private, financial, and client information. #PlayRansomware #DarkWebLeaks
Keypoints
- The Play ransomware group has added four new U.S.-based companies to its victim list in August 2025.
- The group claims to have stolen sensitive data including personal, financial, and client documents.
- The targeted companies operate in high-tech manufacturing, business services, yachting, and agriculture sectors.
- The hackers have set a deadline of August 15, 2025, for the victims to negotiate or face data publication.
- The types of stolen data include confidential information, payroll records, budgets, and IDs.