Ransomware Group: PLAY

VICTIM NAME: Sorter Construction

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to a ransomware attack targeting Sorter Construction, a company involved in the construction industry. The attack was discovered on June 3, 2025, with the breach date also recorded as June 3, 2025. The incident is notable within the construction sector in the United States, although specific country details are not explicitly listed. The page includes a screenshot of compromised data, which may contain internal documents or sensitive information, but the actual contents are not displayed here. Download links or evidence of data leaks are available through the provided claim URL, indicating that the attackers have published some of the stolen data on their dark web portal.

The leak platform features a screenshot depicting what appears to be internal documentation or possibly confidential files related to the building company. The breach was claimed by a group labeled “play,” suggesting it was part of a coordinated ransomware operation. The site hosts a URL link to further details on the incident and offers evidence of the data compromise. No personally identifiable information about employees or clients is disclosed in this report, maintaining a focus on the incident’s technical and operational context. The incident underscores the cybersecurity risks faced by construction firms and highlights the importance of data security measures in safeguarding sensitive project and business information.