The Play ransomware group has allegedly added four new US-based companies to its list of victims, claiming to have infiltrated their networks and exfiltrated sensitive data. The group, known for its double-extortion tactics, posted the names of the organizations on its dark web leak site on August 11, 2025, threatening to publish the stolen files if their ransom demands are not met. The targeted companies span various industries, from semiconductor manufacturing to agriculture and luxury yacht sales.
The threat actors have set a publication deadline of August 15, 2025, for all four victims, a common tactic used to pressure companies into negotiating. The group claims to have stolen a wide range of confidential information. While the exact volume of data exfiltrated from each company has not been disclosed, the hackers assert that the stolen files include private and personal confidential data, client documents, financial records, and employee information. The victims of this alleged multi-pronged attack include:
- Rite Track: A prominent supplier of customized equipment solutions for the semiconductor and other high-tech industries, founded in 1993.
- Travancore Analytics: A company operating in the business services sector.
- Bluewater Yacht Sales: A well-established boat dealer founded in 1972, specializing in the sale of yachts across the United States.
- The Scharine Group: An entity involved in the agriculture sector.
The attackers claim the compromised data for each company contains similar categories of sensitive information. The list of allegedly stolen data types includes:
- Private and personal confidential data
- Client documents
- Budgets
- Payroll records
- Accounting and tax documents
- IDs
- Finance information
