Ransomware Group: PLAY

VICTIM NAME: Greater Seattle Concrete

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to an incident involving a company based in the United States, operating within the construction industry. The affected entity is identified as Greater Seattle Concrete. The attack was publicly disclosed on May 21, 2025, and the breach was discovered shortly thereafter. The compromised data appears to include sensitive company information, although specific details have been redacted for privacy reasons. The page includes a visually displayed screenshot, which depicts internal documents or system interfaces related to the incident. No evidence suggests that the attackers stole particular types of data such as personal identifiable information or financial details.

The group responsible for the attack is identified as “play,” and there are no indications of additional duplicated leaks or archives associated with this incident. The leak page provides a link to a dark web claim URL, which is intended for proof purposes. The incident is notable due to its impact on a construction company in the U.S., highlighting the ongoing risks faced by firms in this sector from cybercriminal activities. No evidence of further malicious activity or extortion attempts beyond the initial breach is visible on the leak site. The shared screenshot offers a visual insight into the attack’s footprint but does not compromise personal or sensitive information directly.