Key Aerospace Supplier Breached
Jamco Aerospace, based in Long Island, New York, supplies parts to Boeing, the US Navy, and Northrop Grumman. Other clients include Spirit Aerospace and Lockheed Martin.
On August 6 2025, the Play ransomware group added Jamco to its dark web leak site. The gang warned it would leak stolen data on August 10 unless paid.
Jamco manages every stage of production, from engineering to inspection and shipping. Its products include landing gear assemblies, hull valves, and power distribution boxes.
The attackers claim they stole payroll records, client files, IDs, budgets, taxes, and accounting documents. They have not revealed proof of data volume or samples. Jamco’s website remains online but shows as “not secure” in Google Chrome.
Play Ransomware’s Extortion Tactics
Play ranks among the most active ransomware gangs in 2025. It has hit more than 800 victims since 2022. Around 350 of those attacks occurred in the past year across the US, Canada, Latin America, and Europe.
The group uses double extortion. First, they steal and encrypt data. Then, they demand ransom while threatening to share files with partners or the public.
Play often exploits outdated firewall vulnerabilities or remote management tools. They also create unique ransomware binaries for each victim to bypass security tools.
Growing Risk for the Defense Sector
The aerospace and defense industries remain high-value targets due to sensitive data and complex supply chains. Recent cases include Stark Aerospace and the 2023 LockBit breach of Boeing. These incidents show the critical impact ransomware can have on national security.
