Quick Summary
Executive Summary
Lockers IT, a technology company based in Bangladesh, has been identified as a victim on the Nova ransomware group’s dark web portal, with the listing published on June 21, 2026. This information was discovered through SOCRadar’s Dark Web Monitoring service. The Nova group has shown a pattern of targeting organizations in the Technology, Manufacturing, and Education sectors, with recent victims primarily located in the United States, Bangladesh, and Peru.
Technical Analysis
SOCRadar’s analysis of stealer-log telemetry revealed a significant exposure for the lockersit.com domain. Nine corporate credentials for internal systems (including webmail, cPanel, and ERP applications) and six corporate credentials for third-party services were found. These records, dated up to June 19, 2026, indicate a substantial corporate intrusion risk. While this data does not definitively confirm Nova’s use of these credentials for the current incident, the pattern is consistent with typical initial access vectors for ransomware groups. These groups often acquire credentials from underground marketplaces to gain access to corporate networks via platforms like Microsoft 365, VPNs, or remote-access portals before deploying ransomware. CTI teams are advised to maintain vigilant monitoring and implement proactive credential hygiene measures.