Ransomware Group: PLAY

VICTIM NAME: Sweet Shop USA

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a victim identified as “Sweet Shop USA,” a company engaged in consumer services based in the United States. The attack was discovered on May 9, 2025, at 19:15 UTC, with the attack date recorded as May 9, 2025, at 19:13 UTC. The incident involves a data breach that exposed various information related to the company, which has been publicly accessed through an onion link for further details. The leak is part of a group known as “play,” indicating the threat actor’s classification. The page includes a publicly available screenshot showing internal details, possibly sensitive, related to the victim’s operations. The breach’s specifics could include the leak of confidential company information, but no explicit PII or customer data is visible or included in the summary. The attacker has not disclosed specific technical details or a press statement at this time.

The leak page features a link to a dark web platform where further information is hosted, allowing interested parties to verify or retrieve leaked data. It appears to be a targeted ransomware attack aimed at exposing sensitive business data as part of extortion or public shaming. The attack’s timing suggests it was quickly discovered after compromise, with visual evidence shown through the provided screenshot that highlights internal documents or information related to the company’s operations. No information about the specific methods of attack or the extent of the data compromised has been publicly detailed. The incident underscores ongoing risks faced by companies in the consumer services sector within the US, emphasizing the importance of cybersecurity preparedness against ransomware threats.