
MyPillow breach claims collide with AI-era ransomware tactics

Play ransomware – A Russian-language ransomware operation calling itself “Play” says it stole MyPillow data and posted the claim with a Friday deadline. Mike Lindell denies any breach, adding that he’s the target of a political hit job as he seeks Minnesota governor. The MyPill

Monday’s dark-web posting carried the kind of specificity that makes breach claims feel real before they’re proven. A Russian-language ransomware operation known as “Play” said it had pulled “private and personal confidential data, clients’ documents, budget, payroll, IDs, taxes,” along with other financial records from MyPillow.

The company at the center of the allegation is Minnesota-based home goods retailer MyPillow, run by Mike Lindell. Lindell is also one of at least 10 Republicans seeking the party’s nomination for governor of Minnesota in August’s primary. He’s been a prominent supporter of Donald Trump’s false claims of victory in the 2020 election—meaning that, for many readers, this story isn’t only about cybersecurity. It’s also about power, politics, and credibility.

Play reportedly set a Friday deadline for MyPillow to make contact before publishing the data online. Lindell responded quickly and forcefully, telling Straight Arrow News that his company was not hacked and calling the allegations a political hit job.

“This is another hit job by outside sources because I’m running for governor,” Lindell said. “I guarantee it. We do not have any breaches in our data at all.”

That denial lands against a backdrop in which Lindell has already been punished in court for defamation tied to his 2020 election claims. A federal jury in Colorado last year found that he had defamed Eric Coomer, a former Dominion Voting Systems director, and ordered Lindell and his media platform, FrankSpeech, to pay $2.3 million in damages. Separately, a federal judge in Minnesota ruled in September that Lindell had defamed Smartmatic through 51 false statements about its voting machines, with damages still to be set at trial.

For ransomware victims, though, the dispute may be less important than the method. The broader cyber landscape described in the same source material points to why claims like Play’s are getting louder and more dangerous. In recent years, ransomware groups have become more aggressive and ruthless, shifting toward stealing data and extorting companies rather than using malware to lock computer systems. In rarer cases, ransomware groups have even threatened executives or contacted people named in stolen data to try to obtain payment.

This week, the FBI said one ransomware group is going even further: sending people to steal data directly from companies IRL.

Among the most striking details is the FBI’s description of the Silent Ransom Group (SRG), which is targeting law firms. The FBI said SRG actors have sent people to company offices to directly get access to computers. “By sending someone in person to the victim’s location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim’s computer,” the FBI said in an alert. The FBI added that security researchers say this tactic hasn’t been seen before. The FBI did not provide information about who the Russian-speaking ransomware group was sending, but researchers believe they could be paying freelancers who do not necessarily know who they are working for.

The human stakes of that kind of intrusion are immediate: it compresses time, removes the distance that most victims rely on, and turns security incidents into something more personal—staff members finding unfamiliar people in the building, and data being copied with a drive inserted on-site.

Even as cybercrime intensifies, the same report also points to the ways the wider digital environment is changing what attackers can do—and how effectively. Researchers said connectivity in Iran has been trickling back this week after a nearly 90-day internet shutdown, amid internal political power struggles and ongoing negotiations with the US to end its war with Tehran, though they cautioned it is unclear how extensive the restoration will be and whether connectivity will only return temporarily.

It’s a reminder that communications infrastructure, access controls, and political turbulence can all collide with cybersecurity risk.

And the tactics aren’t limited to ransomware. The material also notes that scammers are using real hotel reservation data and other travel details to conduct effective spear-phishing campaigns, potentially accessing customer data from 350 hotels and vacation rentals around the world.

There’s also a surveillance angle creeping into the story of “security” and “data” more broadly. BusPatrol, an AI surveillance company that has installed cameras in tens of thousands of US school buses, says it will turn those cameras into automatic license plate readers. The plan would record the location of every vehicle a BusPatrol school bus passes and make the data available to law enforcement without a warrant. 404 Media described the concept as “roaming surveillance vehicles.” BusPatrol technology—and school bus surveillance tech more broadly—was originally intended for ticketing vehicles that illegally pass stopped buses, described as a critical safety issue for children.

In Chicago, a separate study tied technology choices to officer workload and emergency response. University of Chicago sociology professor Rob Vargas found this month that the Chicago Police Department was four minutes faster in responding to the most urgent non-gunshot 911 calls in the six-month period after Mayor Brandon Johnson shut down ShotSpotter gunshot detection tech in 12 neighborhoods in September 2024. Vargas analyzed Chicago city data and data obtained through public records requests, comparing the time period with the preceding six months during which ShotSpotter was still active. The data couldn’t be used to assess response times for calls specifically related to gunshots, but it indicated ShotSpotter alerts may have been occupying officers with false positives and delaying responses to other types of critical 911 calls. “It is clear that ShotSpotter wasted officers’ time by sending them on wild-goose chases,” Vargas told WTTW News.


4 Comments

  1. Lindell saying it’s a political hit job sounds like something he’d say, but the “Friday deadline” part is weird. Like if they really have payroll IDs and taxes, that’s not just some random troll message.

  2. Wait I thought MyPillow was already like, hacked during the election stuff? Idk man, everyone keeps bringing up politics and AI and ransomware like it’s all connected. Could be the Russians, could be his enemies, could be someone inside. The dark web posting with a deadline doesn’t mean anything to me, people can fake that.

  3. If it’s true, why do they post it like “budget. payroll. IDs. taxes” like that’s supposed to scare customers? I mean MyPillow already scams people with pillows lol. Also he’s running for governor, so of course it’s gonna turn into a “gotcha” story instead of cybersecurity.
