Ransomware Group: PLAY

VICTIM NAME: Banville Wine Merchants

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Banville Wine Merchants is a US-based national importer of fine wine, artisanal beer, and craft spirits with wholesale operations across several states. The leak page identifies Banville Wine Merchants as a ransomware victim and characterizes the incident as a data leak rather than encryption. The post was published on August 30, 2025; there is no explicit compromise date listed, so the post date serves as the reference. The page asserts that private and personal confidential data — including client documents, budgets, payroll, accounting records, taxes, IDs, and financial information — were affected. A claim URL is indicated on the page, but there are no screenshots or images displayed, and the reported data size remains undisclosed (noted as ??? gb). The post has 83 views, and no ransom figure or demand is disclosed.

In terms of evidence, the leak page contains no images or downloadable content beyond textual claims, with no links or attachments visible. The sole interactive element appears to be the indicated claim URL. The absence of images and the lack of a stated ransom amount are characteristic of a data-leak claim rather than an encryption event. The information points to potential exposure of sensitive client and financial data tied to a national importer, underscoring the risk to both the organization and its clients. Defanging any URLs, the page notes a claim URL is available, though no actual files or attachments are shown on the page.