Ransomware Group: PLAY

VICTIM NAME: CNHI LLC

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to CNHI LLC, a manufacturing company based in the United States. The attack was confirmed to have occurred on May 21, 2025. The threat actors, classified under the group known as “play,” published a claim URL on the dark web, indicating their involvement in the incident. The leak includes a screenshot showcasing internal information, which suggests that sensitive data was accessed or compromised during the breach. The leak aims to expose the victim’s details and potentially pressure the company into paying a ransom to cease further disclosures. The incident’s timing and the presence of visual evidence highlight the seriousness of the data breach.

The leak page features a visual screenshot indicative of internal data or documents, serving as proof of the breach. The compromised information could impact the company’s operations and reputation. While specific stolen data items are not detailed publicly, the presence of a claim URL and visual evidence points to an active effort by cybercriminals to threaten or negotiate with the victim. The attack targeted the manufacturing sector within the US, emphasizing risks faced by industrial and commercial entities from ransomware groups. No additional technical specifics or list of leaked files are publicly disclosed, but the incident underscores the importance of cybersecurity measures in protecting sensitive corporate information.