A hotel chain serving Ivy League campuses has allegedly been slapped by ransomware. Hackers are threatening to leak payrolls, IDs, and secret docs if no one pays up.
A ransomware gang has crashed the Ivy League party. Now, Yale’s hotel partner might be handing over more than just room keys.
Study Hotels, the boutique accommodation brand catering to visiting families, scholars, and Ivy League alumni looking for cushy campus vibes, has reportedly been hit by a ransomware attack.
The chain operates luxury stays nestled between the campuses of Yale, the University of Pennsylvania, Johns Hopkins, and the University of Chicago. If the claims prove to be right, with a clientele that includes visiting professors, high-net-worth parents, and conference attendees, the data at stake could be a serious issue.
The gang claims they’re sitting on a goldmine of highly sensitive data: “private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information,” writes the crooks on their website, which is somewhere in the wilderness of the dark web.
The leak notice went up on April 11th, 2025, and the timer is ticking – Study Hotels has one day left before the threat actor says they’ll drop everything. The threat actor behind the attack has already leaked part of the data and is threatening to dump the full haul unless the company pays a ransom.
Ransomware gangs often list the victims on their dark web leak sites, attempting to muscle organizations into paying a ransom. Play’s modus operandi is classic pressure cooker: ignore us, and we’ll leak everything. Respond, and maybe they’ll keep it quiet.
Attackers claim that after the attack, the victim is granted time to contact them and seal the deal.
“If we came to an agreement, your organization does not appear on the portal, no one knows about what happened,” explains the gang.
That’s not the case if the company refuses to pay a ransom. “We will notify your partners and customers… Journalists and others will dig into your documents… Your shares will fall… some organizations will be forced to close,” threatens the gang in its FAQ section.
However, ransomware gangs publishing fake information is not a rare occurrence. It’s unclear whether Study Hotels has responded to the threat. Cybernews has reached out for comment but a response has yet to be received.
Who is the Play ransomware gang?
According to Cybernews’ dark web tracker, Ransomlooker, the same gang has already listed 731 other victims, with 77 victims already this year. First seen two years ago, the gang is suspected to be Russian-linked.
According to an FBI bulletin on the group, “Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure.”
Last year, the gang was responsible for an attack against the multinational doughnut and coffeehouse chain Krispy Kreme.
In 2023, Play was behind the crippling month-long attack against the City of Oakland, California, the Palo Alto County Sheriff's office in Iowa, and the Donald W. Wyatt maximum security detention center in Rhode Island.
Play ransomware also claimed to have breached BMW France. The company responded it is “investigating” the incident.
Your email address will not be published. Required fields are markedmarked