Ransomware Group: PLAY

VICTIM NAME: Vernon Milling

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The victim identified on the leak page is Vernon Milling, a company operating within the manufacturing sector based in the United States. The breach was publicly disclosed on May 23, 2025, when sensitive information was leaked on the dark web. The leak was confirmed and detailed through a dedicated claim URL, which provides additional context regarding the attack. The site includes a screenshot of internal documents or data, indicating that the hackers obtained proprietary or confidential information during the attack. No specific details about the nature of the compromised data are provided beyond the mention of a data leak, and no explicit mention of illegal activities or harmful content is observed in the publicly available information.

The attackers, grouped under the name “play,” have made the leak accessible via a dark web link, which directs to an onion site. The breach’s discovery was recorded just shortly after the attack date, suggesting prompt reporting or detection. Although the details of the compromise such as exact data types or scope are not specified, the presence of a screenshot indicates the leak includes visual evidence of the compromised information. This incident highlights the ongoing risks faced by manufacturing companies in the US from cybercriminal groups seeking to threaten or extort organizations by exposing internal data publicly. The leak’s details have been preserved for further analysis while maintaining privacy and security protocols.