Quick Summary
Executive Summary
FTL-Fast Transit Line, a Netherlands-based transportation and logistics company, has been identified as a victim by the Nova ransomware group. The claim was published on June 23, 2026, and was detected via SOCRadar’s Dark Web Monitoring. The transportation sector is particularly vulnerable to downtime due to its critical role in supply chains, making FTL-Fast Transit Line a significant target. Nova ransomware has recently expanded its victim base globally, despite previously maintaining a stronger focus on technology and manufacturing sectors. While this incident broadens their sectoral reach, the group continues to be active, with 38 other claimed victims in the 60 days prior to this listing. Their targeting patterns, though broad, show a tendency towards technology and manufacturing.
Technical Analysis
SOCRadar’s analysis of stealer-log telemetry related to ftl-intl.com returned no direct evidence of credential exposure at the time of the report. However, the absence of immediate proof does not confirm security. Credentials could have been exposed through alternate domains, personal email aliases, or data not yet processed into the telemetry dataset. Ransomware groups like Nova commonly leverage compromised credentials obtained from stealer logs to gain initial access to victim networks via services like Microsoft 365, VPNs, or remote access portals. CTI teams are advised to continue monitoring for potential credential leaks and implement robust credential hygiene practices, as a null query result should not be interpreted as a guarantee of security. The known modus operandi of groups like Nova suggests a reliance on such methods for initial access, and continued vigilance is crucial.