Ransomware Intelligence

nova

Ransomware group profile

129Victims
RussiaSource country
100Impact score
Also Known As
RALord

Description

Nova is a ransomware-as-a-service group that commenced operations in March 2025, later rebranding from RALord. They employ a double-extortion approach, combining data encryption with exfiltration, and have been known to target organizations across various sectors, with a focus on financial gain.

Key insights

  • Nova uses a Rust-based ransomware that employs a robust cryptographic scheme including XChaCha20-Poly1305 and RSA-2048.
  • The group escalates ransom demands even after initial payments, which is atypical for ransomware operations.
  • Initial access is often achieved through compromised credentials and exploitation of exposed remote services.
  • Nova targets various sectors, including healthcare, education, and e-commerce.
  • Their communication with victims typically occurs via qTox IDs on a dedicated Tor-based data leak site.

Industries

EducationEnergy & UtilitiesFinancial ServicesGovernment & DefenseHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnologyTransportation

Threat Level & Status Breakdown

For nova · Based on incidents in selected period

4.9threat level
Aggressiveness10/ 10
Lethality0.2/ 10
Criticality4.2/ 10

Status Breakdown

Data Leaked4.7%6
Claimed87.6%113
First seenJun 2025
Last seenJun 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 23, 2026

Recent activity

Monthly attack count for nova in the selected period

129Total attacks
26peak in Jun
9.9avg / month
↑ 24 vs first month
JunJulAugSepOctNovDecJanFebMarAprMayJun07142128

Intelligence

IOCs, YARA/Sigma rules, and related families for nova

  1. 92bd61b94eb6c4e4d8b4f97452822f291a0c7bee75f2a3c753dc6ffea6ea32f6
  2. 2551e64498ed723fa2b258c9134ee299308ef91c82e14b9e873fc06dddb8f3f4
  3. 9d5d80254ca4e07a60f8b88b8515c9c580ca83af6e017079d7bf3ab08294522c
  4. fd64c5bf3243ccdf61ff85427d366c7f73e65b2d
  5. eaedebdc23056fa4964a75d35bf20f9dd179a582
  6. 5be3191c927141df1de4bd8270bc39e7bd2cfd7a14c6b1ebc97b80c666222892
  7. 7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91
  8. f15d2347662d483ea9bcd8aa1a691d28
  9. 7dcce5b76c8b17472d024758970a406b
  10. 0336d6a2348ce826be1f8e4b35bf99c2756cc9efed7be94692beffa13bb0b604
  11. d73bb7e1ccd8f55e885b7a6d0a885e4c08f7ac087c02ed67bd913761f3e1c9c7
  12. aa47802bdf8f0da3f86a4342ba60f48ec07274c725f7d133dbc47acd61a1cb11
  13. 4fef8b3cd13b424b88352f9dce2572d39d09a1bcd7f847a53863c1358c28281b
  14. 6b99cc6823a99aeeb0c123ef89c7313cc871a588
  15. a875f9b3c1f31835b3f70c23a8a1daa06404b82d61887d035731eb13f649c0db
  16. dcb570fbe856e5e617dcc936433995e1cb604c002f162d8a8eb7678859ff955e
  17. ec5d494f2a6b8dac323887096152bd4851766d4119be1487597a4bcc86f12d36
  18. e353a21c11bb96de471ec2dcc9fd7b6624eb8ed02a2b0435b9cf259e197d91b3
  19. 1c6aee9ed38182a545c4ea7068e552a2
  20. 45f82f4aef7a4bbf942ce861d1f20990
  21. 41d225f439822d7e077b43c54109c2d9f61d6868a4efe65033c9763b04f929f5
  22. 1fc1c530fdab845a0a2b05d0b5335bcb
  23. dd8a0eca78e9411b914b2ca3db3aaf6a45d03a6663caa17f2e2def93011d0867
  24. b175e1d4fe69da0be4db63996a804b204005923aabeedd9c02b615ea04986303
  25. 3490162e614e41b985aa759da2c36eed71da98445d0f57b0f46341ea2615bae2
  26. ade2993e77fb44369f53e14835c2c7d6ccee2321d59b106b7207e85d16c08898
  27. 7a1ac0566d753f699dd7fffb5b96326812eb33c19e454b93fa916a21fcbca4c0
  28. cf1a1c9aee2f973048cdc47eb982a89a85c2dbe64edd3f49d9d0e849c6b50b60
  29. e6640ac5a6c0fa0f692cc0268e35a472
  30. 7599cbc406df381089b9d6c6b4a010cbaeae03462500164276e73a85712b5b34
  31. 59519f09bfcd2e641bf2e8f328cf53a2
  32. dd766c3b2ca6cbea1905751d5c252c0ee75ac70bafdf24b7ab17e5ff0f92bbfd
  33. d8edd5305c58df8320a6b54d9c0d531d9a4e249a552e013d99ed04430911b6c4
  34. eb1917034d91f9379603731bcf293251e06dc21aa53b765b6d0316a0bd603f8c
  35. c797616e878c1047bcce8ec299117954a26d56986a99e7592a5c61b7046255f1
  36. 1d9c4f86b96ed2393967188b131b7c437d29d77c696377f702e2bdc65a07cf23
  37. a1497ccd1d45a04046e918e2b115fe66d5931cc6a7c73eca294a68358ffde180
  38. 898dde9055fb79d38470939940110aee98a83bbcfa2a0399c870de444540a56e
  39. df7a54b20e06da4ea31e01976e19c075
  40. 91182117389f1a5173b53400394a3dccb8837028c37825e3ebf2b4d4515e54ab
  41. f5a8ceb27bea2b49cc0c38da3b9007efc12db19e
  42. 1028f6a42f2acda241b8a7e714b2359501a583e2
  43. ea1b8169ae51fd601dfb36549517b416cc7e2e5e
  44. 645c735537634ae0a32b15a7c6cba7d4
  45. fc64bbc33e755451ba25d13209338bd628d68534d13cbf00992ae0f5fc97ca04
  46. f77379a8490b408bbe5f6940505a777b
  47. ea671475338ad6fe402471d7d8d4ef1281f73757aa24a90655f4d914cbe849ac
  48. a53a9ca8a074c7108f8412c3f8c1fc5d
  49. 4d4408cfd0d144859184d1e65d7c8a65
  50. 1b3bb94037f04bbf81028e135a12d293
  51. be7ce2070d1e5e5dc1e2151b5431667161ccf5689db31566a6b49228da2c95fc
  52. 32addf18477324f478bf93ac22be65550bc71450c9bc4fe49aa3be22219aae65
  53. d4f3f8b96ab909e8e4023a8cff4b0a9090c6f1bd01547521312f204777b62480
  54. 7c9312ebe2afc299a0835a32700cdd2c5099c228799414c48058c0fb6095df9b
  55. cd359789a48a60170267f737dffceb45
  56. 7d96c24082eb222236381467545ea57c40fe49c4e208dc8e511ed80243de94e7
  57. 060eb4ce798e9e2470f4a36139c5c03c0bfacf0a611199b056280efc290f5861
  58. d39792100884954d6e95895d85afdd59e7dec7d94d27e0b99b97ce2cd11610d4
  59. ce1438298244aa9085e47871c40dca4944fddf620ffadbb0a6c9158626556376
  60. a09d6699c8aad5ef8e6cc60745ffa8764da18b41e92e3f02da1f45b70c74d695
  61. 52db1f284a0dccbb750314cf765131a17a8284a2aeea04701a2b71f35fb9d9ee
  62. d8c5600c09b316689c21aba141044efe25d4cadfd7cab61bfe99269f134f45c2
  63. daeba5633a414f92b666607203dcf0fd8bd023d619f4a25908e38837fd9a14bc
  64. 54dff94e2451ba3979c3b58ef4ee2612566f9e4bdca218ec7e24eb7fd11a8018
  65. 6020ea571ee6e09a0500421823fd5292858bd763acc4089a56af414cfb0c82ae
  66. 77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
  67. aa99338898c90e38e24c0e45ca891e25d468241d4fdba7108773ae1506c8cafb
  68. 97876c085318d8606e8478976d98dab77a7e905a87a4b0a27e20d794af25cd4c
  69. 338b572e3bd8679b6203b6e71f448485a206381fd097de3489a429b01593d585
  70. e7d68c174f38704d3bd220ce204117f558c60b348f24176b96fd7887602c30c6
  71. 7db58b72a3493a86e847c3685eca74c690d50b55
  72. 4c15a5914d399a97dce2cf6452b991e5848f1f712397e9ff8381bd5cd3b8c9c0
  73. a573774fe2df9aad7e477cb0dce6cd175066763efc130e16b5438381c9076a6c
  74. e39dba3b8bd0cd6863d2c7ce9248fcc827a03a8906a08093d56fa85ec16bc5ba
  75. 822c45a52cad26af77ea25f121724999
  76. 6bbd95ee977941e497c48be27c254128
  77. ec387f577b844b8fa948f33cad9a75e6
  78. fd280e33e84c88e97860930557dba3ff80b1a82d
  79. ed0423939b8ff10a7d61ba17d6377087df86bce043cbb94ba605d6770c5afcde
  80. 6e262c096efc1c149fa5eb7cfc804045
  81. a191b683a9307276f0fc68a2a9253da1
  82. 5aadd8e954dc4b1a8c954d63fd9e1137
  83. af55a6f75b544431b72649f36ff6d62c
  84. b10d8bb537ab05e51f08d0b942ee9f92f3226d118fcac794d1a7396bbc0b531f
  85. a7efe6f7ee305427b023e0bd95e1f7de96e16ad36603ed8e01be859188015e63
  86. 1100ece95027619c52779c0c447c572e
  87. 5d41402abc4b2a76b9719d911017c592
  88. a5d594c8de979074f2d22b37bb01b04fd738295a9388862141252201e028813e
  89. e542c61ac26e366537d89ad2fbd8c5f448d440b4ff2174d10045c02197aa6bce
  90. a6895be42d9987762cf1b4b670c475014fe162c37b7fc6aec7ab816a7ab4078f
  91. 77fcd1e3b8097c60fc45308f41054167ec415365cba5906a22302854e83c8639
  92. efc90244ed03f76f97b76886351c9ff744629147af87b082de724d24e5e142e5
  93. f8dca20f0394e6c11a9bd8b9706e1dd9bca8f8f72d4edff36fbf311b0f40a610
  94. 050e8dcab5f3456b1ff65666d2afe3c3769288a2f1c83baa368010f592c7e808
  95. b162474a1265897ade9cfd7e681082f32a9291a01f19bb3beeb61e5a12e20682
  96. cc123e35363aeace09900bf3de76080eb46f7e04edede742dbdf2d80be129cc0
  97. 98268866d1d54a499c4e98921d93bc40
  98. abfa83cf54db8fa548942acd845b4f34acc94c46d4e1fb5ce7e97cc0c6596676
  99. 4c29b976165231c4d05b94b01b002ccc54c1d45f290940ac03bd8f22dada1f67
  100. 87e8230a9ca3f0c5ccfa56f70276e2f2
  101. 8863b4bafe1b56e8eebe1b06806573c7bdb8e7e7a8a0fe6fa6fab3b83ed5fd0f
  102. 6b0c78f990bb89a5c85456dab55966f178d309dae196077e1c562ce1f59ff72c
  103. 007b5cd6d6acf972f7743f79e23cab9bb2ecbee3
  104. 73aee5e1703545457343c6d7a9aa1184
  105. e37c06be7d67fdff4fd2e1ea6013a5a41390ef6e74120d4fa3ecf0c05b2df730
  106. 7f7b18413fc3affe2b839c2d1f1638ef
  107. 0b1f6abed1e4d78bf0bccc60204a87b397911d008910329b23560c6d6306b8a2
  108. 8f70d1e2dd175ef62acf06496488b9bbf634d900809d133d5d175b26ec0d5586
  109. d5ffe5bab9b5b74bfe8dcc79c1438854a90ee930ae9106820d9488b7c729d49d
  110. 95ca5c994e1ec93f51fc072405855af4
  111. e5ed924d7e5d527c6398a9eb789036a921f66f658162971058a18315611aa84f
  112. 7f3b0682e57da055874455302178be52481a5161f3f3f805167b248a39b57c18
  113. 565031eaffb9b309737c04e9b6c6f865
  114. 03b59ea7bb1e2da157ae489381b5b047536b6737bf87feeba65b499ee484b4db
  115. fc2e22bc6ee647b6b90729ab34a250b1
  116. 03e939a5a929151fc6fa3cf5df19db37
  117. b9975c8f8f4b7ebd3a0b2148ecbb5bb66dc9e369
  118. f62c8a93e2fdeb5e4a334f11dde380d632e03f5c919ae4f54a69c30de57bddb7
  119. 247f19b1b667c458efb6d1419e763c9501d37e24fe31d0eddefa6654b3663c6a
  120. 7459b0cef7ec5800c67c4179bebb5276e1a21582baa1beef54c965e1d687fcbb
  121. 30409e85d1244083354035528d143f8d653a7304ae758a39ee88896071c4f4a1
  122. afcc2efb164ed48d42cbfc5b53824c905b69f32f
  123. e82e69472b1b33ad0a35cc5459d06064
  124. 79e05b67bc4545d1922fe47107ee60c5
  125. def0626f2ff318b0d76bb6e3953652c7803ee1506170101a5547188e975a2e3c
  126. a0eee7cd05ca3dbddb57414df99768c05ade18f9c13fb31e686558e636badf26
  127. b98cac18d019392053223216d4415631ddf0b283f24e7382860b386723a4b6c4
  128. 4d43b4551f58c20920f5ffc9b450f1399afc4ff7925184e202adea00a57771ef
  129. 3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
  130. d9ec5e95e4b646aaaea2fd05214edbda
  131. 56036c2490e63a3e55df4558f7ecf893
  132. c6e7bb307ecfb29f407347bf14a1ecccf7f20d9fa9db289e0784b2a230bc9992
  133. b33ffa18c79888e8dd64aa9e3c9a60f1a66757377d8e8dbabe894b71b492f196
  134. 41ada060e3cd9e93ac5aa6b5e3f9b315abf4c640
  135. b491cad0ac4780fb6c32249d5f1510037c178d89506eb0a6c8afe9b160d98189
  136. 42fc8cd9a443afad18082a067ec40738
  137. 0f1465b2d4e2efcfdfc10074889c9beb361ade35
  138. b6a61df3254bda3056900937e3e162ddeec3239bc5e1ac3488cef9aafbda21e4
  139. dcd69a2eac01a659e20dbea80a14a8c3117b2cad184122a96f49173debe51312
  140. fb6a4b0a6569c2af3842b96cc7b098e6
  141. 480a42e823456e5c78348a3f85beec0d02581bbfd255dad5cb208c16862f3995
  142. 314dfc646758738fdadb7fade661afc595b48d00
  143. abe8e7db84be416f0a76e5cb12d5c15cfea879ba0ba376db29458a8d8bb902d3
  144. d60bee4a2e5a60e1ad0afa51ab627b5d
  145. 6151293a059ecd2df2cdb32a58a4eb6647f736b4f7afcd5d0d5d942242b06218
  146. 55d9836dddac73e611cf7bfac7d2066cc0961e05337d1f91837680e4c57b8816
  147. ea0f589e4bc2737119a1730477f8929b
  148. ef78357ae8fa5c3065b53f051f76211ee77d8c818687fc1dfd83de71a05f755d
  149. c14aaf76ec284a5fa1f105f88dfb061c
  150. 1276480838340dcbc699d1f32f30a5e9
  151. 39f53479d3a045ac8e11786248231fbf
  152. 6b734c88958bfe7447e6702844486156daf7a54cbd0a1cf9b7bfef98daadf519
  153. a4a3d9ac1df13736a29a615fc86b5f3835aba11d
  154. b45d02cf991d76968128724ed87112dc86cd2974
  155. a361a37dc0a74c169b3873447d3662ab4abb6816136168bd419a52cf3119e571
  156. db057d6796337e05812ca2926b5503442f2201c53afb506e90c279e11bf1a7af
  157. 70427d9f70306cd4e6f48ca95b786a44e237a543
  158. 91a4e6f6d51daee773a8f00279792578
  159. a60815382b152318ca94ff8dc839e14041eb7478
  160. 11ee5f269902e37ab15e8ae2c5d37412
  161. 2b14437dfe3b87167b5dd76c48845f12bff640ae
  162. 9375cff0413111d3b88a00104b2a6676
  163. dacc767bcb9570cfd44ddfc3b7debc89c3d540ea72dcb1fe81e7eae041ce110e
  164. 9e302d473fe20d9adcef23657fc18fcf701e8439af537ac12aacce3378b5d78d
  165. 73cc07e806fc2c6d0beef8c20b20c62a647887e81d3b4306d647416aceb0eccd
  166. afb70782d7c4e422bb367c14903236bd7c675f1f
  167. 22c078671e0b67aa3011b866c6d8346d0b018e3c7601a8f64a7b4dcf0a315d52
View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for nova

Other

T1486

T1486

T1490

T1490

T1078

T1078

T1021

T1021

T1562

T1562

T1080

T1080

T1059

T1059

T1547

T1547

T1021.001

T1021.001

T1003

T1003

Victims(129)

CompanyDomainCountryIndustryStatusDiscovered
lpgroup
Claimed
about 19 hours ago
alejandria
Claimed
about 19 hours ago
transvillTransportation
Claimed
about 19 hours ago
transvill.com.petransvill.com.pePE PeruTransportation
Claimed
about 22 hours ago
alejandria.bizalejandria.bizAR Argentina
Claimed
about 22 hours ago
lpgroup.ptlpgroup.ptPT PortugalProfessional Services
Claimed
1 day ago
cloudquantumTechnology
Unknown
1 day ago
FTL-Fast Transit Lineftl.beBE BelgiumTransportation
Unknown
2 days ago
Lockers ITlockersit.comBD BangladeshTechnology
Claimed
4 days ago
Nhà Thành Phốnhathanhpho.com.vnVN VietnamOther
Claimed
4 days ago
Dosabdosab.org.trSA Saudi ArabiaManufacturing
Claimed
5 days ago
Hosabhosab.org.trTR TurkeyProfessional Services
Claimed
5 days ago
MIT HJERTEmit-hjerte.dkDK DenmarkHealthcare
Unknown
5 days ago
One Believing Interiorsonebelieving.comHK Hong KongRetail & E-Commerce
Unknown
5 days ago
Desert Microdesertmicro.netUS United StatesTechnology
Unknown
6 days ago
Sunasssunass.gob.pePE PeruGovernment & Defense
Claimed
9 days ago
Kedahkedah.gov.myMY MalaysiaGovernment & Defense
Claimed
9 days ago
NSW Governmentnsw.gov.auAU AustraliaGovernment & Defense
Data Leaked
10 days ago
Divine ITdivineit.netBD BangladeshTechnology
Claimed
10 days ago
Sky devicesskydevices.comUS United StatesTechnology
Claimed
10 days ago

Page 1 of 7

Affected countries(57)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates🇦🇱Albania🇦🇷Argentina🇦🇹Austria🇦🇺Australia🇧🇩Bangladesh🇧🇪BelgiumBolivia, Plurinational State of🇧🇷Brazil🇨🇦Canada🇨🇭Switzerland🇨🇱Chile🇨🇴Colombia🇩🇪Germany🇩🇴Dominican Republic🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇬🇭Ghana🇬🇷Greece🇭🇷Croatia🇮🇩Indonesia🇮🇳India🇮🇶Iraq🇮🇹Italy🇯🇵Japan🇰🇪KenyaKorea, Republic of🇱🇰Sri Lanka🇱🇺Luxembourg🇲🇽Mexico🇲🇾Malaysia🇳🇱Netherlands🇳🇴Norway🇵🇪Peru🇵🇭Philippines🇵🇰Pakistan🇵🇱Poland🇵🇹Portugal🇷🇴RomaniaRussian Federation🇸🇦Saudi Arabia🇸🇪Sweden🇸🇬Singapore🇸🇻El Salvador🇹🇳Tunisia🇹🇷TurkeyTaiwan, Province of China🇺🇦Ukraine🇺🇸United States🇺🇿UzbekistanVenezuela, Bolivarian Republic of🇻🇳Vietnam🇿🇦South Africa🇿🇲Zambia🇿🇼ZimbabweGlobal