Ransomware Group: PLAY

VICTIM NAME: Logan & Mencuccini

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Logan & Mencuccini is the victim named on the leak page, identified as a law firm within the legal services sector. The page presents the incident as a data-leak event rather than a purely encryption-based compromise, stating that private and personal confidential data from clients, as well as internal firm documents, may have been accessed and exfiltrated. The data categories cited include private client documents, budgets, payroll, accounting records, taxes, identification data, and financial information, signaling a broad set of sensitive material potentially at risk. A claim URL is indicated as present on the page, but the page itself contains no visible screenshots or images (the page shows zero images). The reported data volume is not disclosed, shown as ??? gb. The post carries a publication date of August 31, 2025, with an added date of August 26, 2025, and it has about 90 views. The body excerpt on the page is simply the victim’s name: Logan & Mencuccini.

From the content and metadata, the page frames the event as a data-leak scenario rather than a straightforward encryption event. The description, aligned with the firm’s industry designation of law firms and legal services, emphasizes the exposure of confidential information such as client documents and financial details (budgets, payroll, accounting, taxes, IDs, and related data). There is no explicit ransom figure or encryption status provided in the available data, and there is no evidence of downloadable files or attached documents (downloads_present is false) or images (images_count is 0). The post date is clearly established as August 31, 2025 (with the added date of August 26, 2025), suggesting the disclosure window surrounding the incident rather than a disclosed compromise date.

Operationally, the leak page’s content and its metadata point to a data-exfiltration claim typical of ransomware operators seeking public attention or negotiating leverage, rather than a documented encryption event. The victim name Logan & Mencuccini is preserved in this summary, while any other identifying information that could be considered PII has been redacted. There are no URLs presented in this summary, and no imagery is attached to the page, which limits visible evidence to textual claims and the stated claim URL. Readers should monitor for additional disclosures from the firm or security researchers to confirm the scope of data exposure and potential remediation steps.