Ransomware Group: PLAY

VICTIM NAME: EMX Enterprises

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a victim identified as EMX Enterprises, based in Canada. The breach was publicly disclosed on May 9, 2025, and the attack was also dated on the same day. The page includes a screenshot capturing internal data or communications, indicating that sensitive information may have been compromised. However, specific details about the type of data leaked are not provided. The leak originates from a dark web forum associated with a group identified as “play”. No direct information about the nature of the stolen data or targeted systems is available from the summary. The incident has been documented and is accessible through a dedicated URL, which serves as a portal to further details.

There are no indications of additional compromised entities or related information beyond the current listing. The page suggests the presence of potentially sensitive or confidential information, as implied by the inclusion of a screenshot. The breach date and discovering date are closely aligned, indicating a recent incident at the time of reporting. The attack appears to involve a ransomware affiliate or actor aiming to publish or threaten data exposure. Nonetheless, neither explicit data content nor the method of breach is detailed here. The leak’s public availability signals ongoing negotiations or extortion efforts typical of ransomware incidents, aimed at pressuring the victim for ransom payments or data recovery.