The Play ransomware group has allegedly added four US-based companies to its data leak site, claiming to have successfully breached their networks. The threat actor listed the companies on August 6, 2025, and has set a publication deadline of August 10, 2025. This move suggests that the victims have not complied with the ransom demands, prompting the group to threaten the public release of stolen data.
The targeted organizations operate across various critical sectors, including aerospace, manufacturing, agriculture, and chemicals. The addition of these companies to the ransomware group’s leak blog serves as a pressure tactic, aiming to coerce payment by threatening reputational damage and the exposure of sensitive information. The list of victims includes prominent names vital to their respective industries.
The victims allegedly targeted by the Play ransomware group are:
- The Magni Group: A company specializing in chemicals and related products, known for its corrosion-resistant coatings.
- Brad’s Bedding Plants: An agricultural business focused on providing bedding plants.
- Emprise: A firm operating in the manufacturing sector.
- Jamco Aerospace, Inc.: A key player in the aerospace industry, providing comprehensive machining and airframe sub-assembly services for both prototypes and full-scale production.
The ransomware group claims to have exfiltrated a significant amount of sensitive data from each company. The types of data allegedly stolen include:
- Private and personal confidential data
- Client documents
- Budgets
- Payroll information
- Accounting and tax records
- IDs
- Financial information
