Ransomware Group: PLAY

VICTIM NAME: Metric

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to an entity identified as “Metric,” which is associated with a data breach discovered on July 3, 2025. The incident was attributed to a hacking group known as “play,” although specific details about the activity sector remain unavailable. The breach was reported with an attack date corresponding to the same day, indicating that the compromise occurred recently. The leak involves potentially sensitive information, although no explicit data or documents are disclosed on the public page. The victim appears to be based in Canada, as indicated by the brief description, but detailed geographic or organizational information has not been made available. No screenshots or additional data have been provided for review. The claim URL links to a dark web resource where further details or potentially leaked data might be accessible, though specific content is not openly disclosed in the summary.

The webpage includes a reference to a downloadable claim link, suggesting that the threat actors may be offering access to leaked files or data as part of their extortion tactics. The primary focus of the leak appears to be around threatening to release or publish compromised data, but explicit details remain confidential or unshared publicly. The attack is recent, with the discovery timestamp aligning with the attack date, emphasizing the urgency for affected parties to assess any potential impact. No personal or PII details are revealed in this summary, maintaining a professional and sanitized overview suitable for public dissemination. Overall, the leak underscores the ongoing threat landscape and the importance of cybersecurity vigilance.