Ransomware Group: PLAY

VICTIM NAME: Dataforth

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Dataforth, a US-based technology company that focuses on signal conditioning, data acquisition, data communication, and monitoring for industrial settings, is identified as the victim in a ransomware leak post dated 2025-10-09. The leak page outlines Dataforth’s product portfolio, including isolated analog I/O families, data acquisition systems, IoT energy monitoring modules, and a range of software solutions. The post asserts that private and confidential data—spanning client documents, budgets, payroll, accounting records, taxes, IDs, and financial information—has been accessed and potentially exfiltrated. The incident is framed as a data-leak event rather than an encryption breach, and no ransom figure is disclosed on the page. A claim URL is provided on the leak page, but the publicly visible metadata does not display any direct data samples or file listings.

Metadata accompanying the leak listing identifies the threat group as “play” and lists Dataforth as the victim. The page shows 87 views and indicates no screenshots, downloads, or image attachments (images_count: 0; downloads_present: false). There is no disclosed compromise date; the post date (publication date) is 2025-10-09. The description reiterates Dataforth’s industrial focus and notes that confidential information—including client documents and financial records—may have been exposed, underscoring risk to privacy and operations. The leak page provides a claim URL for potential negotiation or verification, but no ransom amount is specified on the page itself. The volume of data exfiltrated is not disclosed (size_gb shown as ??? gb).