The Play ransomware group has allegedly added two new US-based companies to its dark web leak site, claiming successful cyberattacks. The group has threatened to publish stolen data if their ransom demands are not met, setting a deadline of July 27, 2025. The victims operate in the construction and logistics sectors, highlighting the indiscriminate nature of these attacks which can disrupt critical supply chain and infrastructure-related services.
The targeted organizations are:
- πΊπΈ DA Whitacre Construction: A United States-based firm specializing in both commercial and residential construction projects.
- πΊπΈ Ka Logistics: A family-owned American trucking and freight transportation company with over a decade of experience in the logistics industry.
The threat actors claim to have exfiltrated a significant amount of sensitive information from both companies. The allegedly stolen data includes a wide range of confidential files, which could have severe consequences for the companies, their employees, and their clients if released publicly. The group has listed the following types of data as compromised:
- Private and personal confidential data
- Client documents
- Budget, payroll, and accounting information
- Tax documents
- Employee and client IDs
- Financial information
