Ransomware Group: PLAY

VICTIM NAME: IMSSA Manufacturing

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a manufacturing company operating in the United States, identified as IMSSA Manufacturing. The data breach was publicly disclosed on July 16, 2025, indicating that the organization experienced a cyberattack leading to a data compromise. The leak was reported through a dark web portal, with a specific claim URL provided for further investigation. The incident involves a suspected data exfiltration, potentially including sensitive business information, although detailed content of the leaked data has not been publicly specified. The page includes a visual screenshot of internal documents or system screenshots, which appear to verify the attack’s legitimacy.

The threat actors, associated with a group calling themselves “play,” have published this information as part of their extortion tactics. The disclosed details could potentially impact the company’s operations and reputation, emphasizing the importance of prompt cybersecurity measures. The leak appears to be part of a larger campaign targeting manufacturing entities, with the attack date recorded as July 16, 2025. No additional personal or PII information is available within the leak, but the presence of download links or data samples suggests that the attackers may offer further details or proof of compromise. The inclusion of images indicates the leak may contain visual evidence of internal systems or documents.