Play Ransomware Claims Breach of Swedish Demolition Giant Brokk, Threatens Data Leak
The Russia-linked Play ransomware operation has allegedly stolen and exposed a 4 GB dataset from Brokk, a leading Swedish manufacturer of remote-controlled demolition machinery. The group threatened to leak the full trove of stolen data if the company fails to meet its ransom demands.
The compromised dataset reportedly includes sensitive internal documents, such as financial records, budgets, payroll information, employee IDs, tax details, and client files. While the legitimacy of Play’s claims remains unverified, security researchers at Cybernews warn that such a breach could inflict reputational damage on Brokk, along with long-term risks tied to exposed personally identifiable information (PII). Leaked employee data may lead to targeted scams and prolonged security and compliance challenges.
Play ransomware, active for the past three years, has claimed over 1,100 victims to date, with recent targets including Jamco Aerospace and ADC Aerospace. The group’s latest alleged breach underscores the persistent threat posed by ransomware operations to industrial and corporate sectors.
Source: https://www.scworld.com/brief/brokk-purportedly-hacked-by-play-ransomware-data-leaked
BROKK cybersecurity rating report: https://www.rankiteo.com/company/brokk-ab
"id": "BRO1775255970",
"linkid": "brokk-ab",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Manufacturing (Remote-controlled '
'demolition machinery)',
'location': 'Sweden',
'name': 'Brokk',
'type': 'Company'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Financial records',
'Budgets',
'Payroll information',
'Employee IDs',
'Tax details',
'Client files']},
'description': 'The Russia-linked Play ransomware operation has allegedly '
'stolen and exposed a 4 GB dataset from Brokk, a leading '
'Swedish manufacturer of remote-controlled demolition '
'machinery. The group threatened to leak the full trove of '
'stolen data if the company fails to meet its ransom demands. '
'The compromised dataset reportedly includes sensitive '
'internal documents, such as financial records, budgets, '
'payroll information, employee IDs, tax details, and client '
'files.',
'impact': {'brand_reputation_impact': 'Reputational damage',
'data_compromised': '4 GB dataset',
'identity_theft_risk': 'Targeted scams and prolonged security and '
'compliance challenges'},
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Play'},
'references': [{'source': 'Cybernews'}],
'threat_actor': 'Play ransomware operation',
'title': 'Play Ransomware Claims Breach of Swedish Demolition Giant Brokk, '
'Threatens Data Leak',
'type': 'Ransomware'}