Ransomware Group: PLAY

VICTIM NAME: Earthadelic

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Earthadelic, a United States-based contractor operating in the commercial and residential construction sector, is identified as the victim on the leak post. The item is dated October 2, 2025, and the page states that private and personal confidential data — including client documents, budgets, payroll records, accounting information, taxes, identification details, and financial information — have been exposed as part of a data-leak event. The post does not provide a confirmed compromise date beyond the post date, and there is no ransom amount disclosed in the accessible fields. A claim URL is indicated on the page, suggesting extortion or data-release activity, though the exact link is not shown in the provided data. The post has 465 views, and there are no downloads or image attachments listed. The page references the victim’s site in defanged form as Earthadelic[.]com.

In terms of media, the leak page contains no screenshots or images (images_count is 0) and does not list any downloadable files or external links beyond the noted claim URL. The data’s size is not disclosed (size_gb is shown as ??? gb), which limits the ability to gauge the scale of exfiltrated information from the public record. Taken together, the content points to a data-leak scenario rather than a crypto- or ransomware-encryption event, with sensitive client and financial data highlighted as the primary risk. The page’s reference to Earthadelic’s site is defanged to Earthadelic[.]com.

Overall, the leak post frames Earthadelic as the victim of a data-exfiltration incident affecting sensitive documents and financial data tied to a construction industry context. The published date serves as the temporal anchor (October 2, 2025), while no explicit compromise date or ransom figure is provided in the available data. Organizations and partners associated with the construction sector should consider monitoring for any follow-up disclosures and assess data-handling practices in light of the potential exposure of client and financial information.