Ransomware Group: PLAY

VICTIM NAME: All Book Covers

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the victim organization named “All Book Covers,” which operates within the consumer services industry in the United States. The attack on this entity was confirmed to have occurred on April 22, 2025. The webpage includes a screenshot illustrating some aspect of the data leak, providing visual evidence of compromised information. The page contains a link to a claim portal hosted on the dark web, which victims or interested parties can access for further details or to verify the breach status. This leak appears to be part of a group identified as “play,” indicating the threat actor responsible for the attack. Although the specifics of the data compromised are not publicly detailed, the site suggests that sensitive information related to the organization’s operations may have been accessed or exfiltrated. The leak is publicly documented with a visual preview, reinforcing the seriousness of the breach. No explicit personal or financial data are revealed in the summary, and the incident underscores ongoing cybersecurity risks faced by organizations in the consumer services sector in the US.

The threat actor has provided a dark web link where further information or possibly recovered data can be claimed or reviewed. The date and time of discovery suggest that the breach was identified shortly after the attack, allowing for prompt documentation. The attack impact, although not specified in detail, signifies a breach that has drawn public attention through this leak portal. The screenshot included on the site shows evidence of data exposure, emphasizing the breach’s severity. No additional information about the victim’s internal data, specific files, or the nature of the leaked content is disclosed publicly. Organizations in the consumer services sector should be aware of such threats and consider strengthening their cybersecurity defenses to prevent similar incidents.