Ransomware Group: PLAY

VICTIM NAME: ECOM America

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to a cybersecurity incident involving a victim identified as ECOM America, located in the United States. The incident was publicly disclosed on May 1, 2025, indicating a recent compromise. The page includes a screenshot illustrating internal information, suggesting that sensitive data was accessed or exposed during the breach. The details provided do not specify the type of data compromised but imply that the attacker may have gained access to internal systems. The group responsible is identified as “play,” a known threat actor in the ransomware landscape. No additional infostealer or detailed attack vectors are noted in the available information. The leak also provides a claim URL on an onion site for further verification or claims related to the breach.

The webpage indicates that the attacker may have included encrypted data or information that is not available for public extraction. No explicit mention of data types, such as financial or personal information, is provided. The presence of a screenshot gives a visual representation of some internal data or documents, though specific content details are not disclosed here. The incident’s discovery timestamp strongly suggests the breach was recent at the time of posting. The victim operates within the US, and the overall activity appears related to cybercriminal operations focusing on data theft and ransom demands. No direct download links or evidence of data leaks other than the visual screenshot are included in the available data.