The Play ransomware group has claimed responsibility for a significant cyberattack, allegedly compromising a diverse group of thirteen companies based in the United States. The threat actors added the victims to their data leak site on September 10, 2025, setting deadlines between September 13 and September 14 for the publication of stolen data. This attack spans multiple critical sectors, including manufacturing, aerospace, construction, and technology services, highlighting the broad reach of the ransomware operation.
The victims of this widespread campaign allegedly include:
- 🇺🇸 GL Veneer: A global supplier of wood veneer and custom panels for architects, interior designers, and woodworkers.
- 🇺🇸 Edwards Interiors: A company founded in 1999 that specializes in manufacturing and repairing high-quality aircraft cabinetry and precision sheet metal fabrication for the aerospace industry.
- 🇺🇸 Rising Star Hydraulics: A leading company in the industrial control industry, providing innovative solutions and cutting-edge technology.
- 🇺🇸 Cool Wind Ventilation: A New York-based company that has been manufacturing and installing sheet metal ductwork for HVAC systems in commercial buildings since 1974.
- 🇺🇸 GDZ Computer Services: An information technology solutions company established in 1985, specializing in integrated business solutions for the maritime shipping industry.
- 🇺🇸 Celtic Engineering: An engineering firm that provides a range of services, including structural and mechanical engineering, project management, and peer review services.
- 🇺🇸 Reliable Roofing: A Florida-based, owner-operated business specializing in roof replacement and repair services for shingle, metal, tile, and flat roof systems.
- 🇺🇸 Royal Machine & Tool: A company with over 70 years of experience in designing and building custom and standard workholding devices, such as chucks and fixtures.
- 🇺🇸 Anderson Aluminum: A leading company in the glazing industry for over 40 years, known for delivering innovative and high-performing facades and custom unitized curtain walls.
- 🇺🇸 JIT Energy Services: A global distributor of systems, parts, equipment, and software for the electronics, semiconductor, and energy industries.
- 🇺🇸 Mayors Machine Works: A family-owned business with over 31 years of experience in providing precision CNC machining, turning, and welding services.
- 🇺🇸 HD Media Systems: A technology company specializing in custom installations of audio/video systems, home theaters, automation, security, and network integration.
- 🇺🇸 Baum Precision Machining: A company with over three decades of experience in providing precision CNC machining services for the aerospace, avionics, defense, and commercial sectors.
According to the claims made by the Play ransomware group, a vast amount of sensitive information was exfiltrated from each victim. The compromised data allegedly includes private and confidential information, client documents, financial records such as budgets and payroll, accounting and tax information, and personal identification documents. The group has threatened to publish this data if their demands are not met by the specified deadlines.
