Ransomware Group: PLAY

VICTIM NAME: eShipGlobal

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 21, 2025, the leak page identifies eShipGlobal as the victim of a ransomware-related incident. The page frames the event as a data-leak rather than a purely encryption-based attack and states that sensitive corporate information has been exfiltrated. It categorizes the victim within the Technology sector and ties the content to Transportation, Logistics, Supply Chain and Storage, indicating the page centers on a logistics-focused operation. The post notes that part of the stolen data has already been published and cautions that a full data dump may be released if there is no reaction from the victim. There is no explicit compromise date provided beyond the post date in the available data.

The page’s excerpt references the domain eshipglobal[.]com, and the accompanying metadata shows that the leak includes private and confidential data such as client documents, budgets, payroll information, identifiers, tax details, and financial data. The post states that a portion of this material has been published so far, with the threat of a full dump should the victim fail to respond. No ransom amount is visible in the provided data, and the page shows no attached screenshots or external links. The exact data volume is not disclosed (marked as unknown), and the page presents the information in a neutral tone consistent with a data-leak narrative rather than a straightforward encryption claim.