[PLAY] – Ransomware Victim: Aphase II

AI Generated Summary of the Ransomware Leak Page

On 2025-10-31, a ransomware leak post identifies Aphase II as a victim connected to the group “play” and based in Japan. The post describes the victim as operating in the Automotive Service & Collision Repair sector, and frames the incident as a data-leak rather than full encryption, alleging that private and personal confidential data, client documents, budgets, payroll, IDs, taxes, financial information and related material were exfiltrated. The metadata indicates the entry was added on 2025-10-28 and published on 2025-10-31, meaning the disclosure date is the post date. The page reportedly includes a claim URL, although the raw data provided does not reveal the actual address. There are no visible screenshots or images attached in the dataset, and the body excerpt references Aphase II with a defanged link to its site (hxxp://www[.]aphaseii[.]com).

Data volume is not disclosed; the size is shown as unknown (??? gb) in the metadata, and the page has 104 views. The post does not provide a ransom figure or encryption detail in the excerpt available here. The leak focuses on the exposure of private and personal confidential data, including client documents, budgets, payroll, IDs, taxes, and financial information, which is consistent with a data-leak scenario rather than a traditional encryption event. The victim is indicated as being in Japan, and the described industry aligns with Automotive Service & Collision Repair. A claim URL is reportedly present on the page, but the exact address is not exposed in the provided data. The absence of screenshots and the defanged domain reference in the body excerpt are notable, suggesting limited publicly accessible material beyond the listed data categories.