Dragons Eye
Dragons EyeRansomware Tracker
DashboardVictimsGroupsRansom NotesDecryptorsNegotiationIOCStatistics
Dragons Community
Information & Disclaimer
← Back to Groups
PL

play

🟒 Activeβœ“ Parser

Status

Active

Total Victims

1,157

Active Sites

11 / 12

Has Parser

Yes

Top Target Countries

πŸ‡ΊπŸ‡Έ USπŸ‡¨πŸ‡¦ CA🌍 UnknownπŸ‡¬πŸ‡§ GBπŸ‡©πŸ‡ͺ DE

Top Target Industries

ManufacturingBusiness ServicesTechnologyConstructionTransportation/Logistics
Country Distribution
πŸ‡ΊπŸ‡Έ US831
πŸ‡¨πŸ‡¦ CA90
🌍 Unknown36
πŸ‡¬πŸ‡§ GB35
πŸ‡©πŸ‡ͺ DE31
πŸ‡³πŸ‡± NL14
πŸ‡ΈπŸ‡ͺ SE14
πŸ‡«πŸ‡· FR10
Site Locations (12)
Description

Initially observed in June 2022, the Play ransomware (a.k.a PlayCrypt) operates through double extortion, targeting numerous organizations in Latin America. Its Initial Access method is quite similar to other ransomwares, involving attacks such as Phishing, Exposed Services to the Internet, and Valid Account compromises. On April 19, 2023, the security company Symantec published two new tools developed by the Play group. These tools allow the malicious actor to enumerate and exfiltrate data from the internal network. The post mentions the following: 'Play threat actors use the .NET infostealer to enumerate software and services via WMI, WinRM, Remote Registry, and Remote Service. The malware checks for the existence of security and backup software, as well as remote administration tools and other programs, saving the information in .CSV files that are compressed into a .ZIP file for later manual exfiltration by threat actors.'Source: https://github.com/crocodyli/ThreatActors-TTPs

Ransom Notes (3)
ReadMe2.txtPlay - ReadMe2
Your network has been encrypted. Your private, personal, corporate, confidential data has been stolen.
If you do not resolve the issue, your data will be published on our leak portal.
News portal, tor network links: 
ipi4tiumgzjsym6pyuzrfqrtwskokxokqannmd6sa24shvr7x5kxdvqd.onion
j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion
contact email: raniyumiamrm@gmx.de
PLAY Ransomware Team
ReadMe.txt
Recent Victims (1,157 total)
View All
VictimCountryIndustryDate
T a Solberg
www.tasolberg.com
UnknownN/AMar 7, 2026
Don E Bower
www.donebowerinc.com
UnknownN/AMar 7, 2026
Design To Print
www.designtoprint.com
UnknownN/AMar 7, 2026
Select Tool
www.selecttool.com
UnknownN/AMar 7, 2026
DFW Aero Mechanix
www.dfwaero.com
mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion
DLS
activeLast scrape: 12 Jan 2026, 06:58
k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion
DLS
activeLast scrape: 12 Jan 2026, 06:59
mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion
DLS
activeLast scrape: 12 Jan 2026, 07:05
j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion
DLS
activeLast scrape: 12 Jan 2026, 07:06
75tkvxemb6zpyk3fbl3mwm32jklc2sdjacb3kazrioamopbfn2w2z5qd.onion
DLS
activeLast scrape: 12 Jan 2026, 07:07
b3pzp6qwelgeygmzn6awkduym6s4gxh6htwxuxeydrziwzlx63zergyd.onion
DLS
activeLast scrape: 12 Jan 2026, 07:09
ipi4tiumgzjsym6pyuzrfqrtwskokxokqannmd6sa24shvr7x5kxdvqd.onion
DLS
activeLast scrape: 12 Jan 2026, 07:10
k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion
DLS
activeLast scrape: 12 Jan 2026, 07:11
mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion
DLS
activeLast scrape: 12 Jan 2026, 07:13
p2qzf3rfvg4f74v2ambcnr6vniueucitbw6lyupkagsqejtuyak6qrid.onion
DLS
activeLast scrape: 12 Jan 2026, 07:14
whfsjr35whjtrmmqqeqfxscfq564htdm427mjekic63737xscuayvkad.onion
DLS
activeLast scrape: 12 Jan 2026, 07:15
x6zdxw6vt3gtpv35yqloydttvfvwyrju3opkmp4xejmlfxto7ahgnpyd.onion
DLS
unknownLast scrape: 12 Jan 2026, 07:20
.play
Play Ransomware Note
PLAY

Hello

Your files have been encrypted by PLAY.
For decrypt your files you need to contact us.

Email: [EMAIL]

!!! ATTENTION !!!
DO NOT MODIFY ENCRYPTED FILES.
DO NOT USE THIRD PARTY SOFTWARE.
play.txtPlay - play
PLAY
teilightomemaucd@gmx.com
View All Ransom Notes
Unknown
N/A
Mar 7, 2026
Garland Williams & Associates
www.garlandwilliamscpa.com
UnknownN/AMar 7, 2026
Equine Canada
www.equestrian.ca
UnknownN/AMar 3, 2026
GapVax
www.gapvax.com
UnknownN/AMar 3, 2026
Gordon/Clifford Realty
www.gordoncliffordmanagement.com
UnknownN/AMar 3, 2026
Cabka
www.cabka.com
UnknownN/AMar 3, 2026
The Kuker Group
www.ohklegal.com
UnknownN/AMar 3, 2026
LRA Constructors
www.lraconstructors.com
UnknownN/AMar 3, 2026
Cobblestone Creek Country Club
www.cobblestonecreekcc.com
UnknownN/AMar 3, 2026
Project Consulting Services
www.projectconsulting.com
UnknownN/AMar 3, 2026
Go Professional Cases
www.goprofessionalcases.com
UnknownN/AMar 3, 2026
WCC Technologies Group
www.wcctechgroup.com
UnknownN/AMar 3, 2026
Favaro Lavezzo Gill Caretti
www.flgch.com
UnknownN/AMar 3, 2026
Landmark Rehab Group
www.landmarkrehabgroup.com
πŸ‡ΊπŸ‡Έ USConstructionFeb 27, 2026
BT Services
www.btrefservices.com
πŸ‡ΊπŸ‡Έ USConstructionFeb 27, 2026
Integrity Building
www.ibcaz.com
πŸ‡ΊπŸ‡Έ USConstructionFeb 27, 2026