Ransomware Group: PLAY

VICTIM NAME: Greenscape Pump Services

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Greenscape Pump Services, a United States-based manufacturing company, is identified as the victim on a ransomware leak page attributed to the actor group labeled “play.” The post date is 2025-08-18, and there is no explicit compromise date provided; thus, the post date serves as the reference for when the breach was disclosed. The leak page includes a description of GPSI Water as a separate organization involved in designing and constructing water features, but the primary focus concerns Greenscape Pump Services. The page states that private and personal confidential data—such as client documents, budgets, payroll records, IDs, taxes, and financial information—have been exfiltrated, with part of this data already published and a warning that a full dump may follow if there is no reaction.

The post has 881 views. It frames the incident as a data leak rather than encryption, and notes that there are no screenshots or images attached to the page. The leak provides two defanged onion download links for the data archive (identified as GRPS); the data size is not disclosed (marked as “??? gb”). A password for the archive is listed on the page, though the exact value is not reproduced in this summary. The metadata shows an added date of 2025-08-14 and a publication date of 2025-08-18. If there is no reaction from the victim or others, the page indicates that a full data dump will be uploaded. The page also mentions that private and confidential material may include client documents and internal financial information, which underscores the sensitivity of the data involved.