The Play ransomware group has allegedly updated its data leak site, claiming responsibility for breaching four companies based in the United States. The threat actor added the new victims to their list on September 1, 2025, setting a deadline of September 5, 2025, after which they threaten to publish stolen data if their ransom demands are not met. The targeted companies operate across diverse sectors, including construction materials, excavation, industrial design, and biochemicals.
The victims of this alleged multi-pronged attack include:
- 🇺🇸 All States Materials Group: Headquartered in Sunderland, Massachusetts, ASMG is a major supplier of liquid asphalt, construction aggregates, hot mix asphalt, and ready-mix concrete throughout the northeastern United States.
- 🇺🇸 Vanderpool Construction: A family-owned commercial and residential excavation business based in Indianola, Iowa. The company specializes in site development, underground utility work, and property demolition.
- 🇺🇸 Juggernaut: Operating as Juggernaut Design, this US-based company engineers and manufactures rugged hardware, including durable cases and mounts for electronic devices used by adventurers and military personnel.
- 🇺🇸 Arboris: A global leader in the manufacturing of plant sterols and other biorenewable materials derived from pine trees. Their products are used in heart-healthy foods and as starting materials for pharmaceuticals.
The attackers claim to have exfiltrated a significant, though unspecified, amount of sensitive information from each company. The compromised data allegedly includes a wide range of confidential files. The group has listed the following types of information as stolen:
- Private and personal confidential data
- Client documents
- Budget and payroll records
- Accounting and tax documents
- IDs and other personal identification
- Finance information
