nova
Ransomware group profile
107Victims
RussiaSource country
86Impact score
Also Known As
RALord
Description
Nova is a ransomware-as-a-service group that commenced operations in March 2025, later rebranding from RALord. They employ a double-extortion approach, combining data encryption with exfiltration, and have been known to target organizations across various sectors, with a focus on financial gain.
Key insights
- •Nova uses a Rust-based ransomware that employs a robust cryptographic scheme including XChaCha20-Poly1305 and RSA-2048.
- •The group escalates ransom demands even after initial payments, which is atypical for ransomware operations.
- •Initial access is often achieved through compromised credentials and exploitation of exposed remote services.
- •Nova targets various sectors, including healthcare, education, and e-commerce.
- •Their communication with victims typically occurs via qTox IDs on a dedicated Tor-based data leak site.
Threat Level & Status Breakdown
For nova · Based on incidents in selected period
5threat level
Aggressiveness10/ 10
Lethality0.2/ 10
Criticality4.8/ 10
Status Breakdown
Data Leaked4.7%5
Claimed91.6%98
First seenJun 2025
Last seenJun 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 2, 2026
Recent activity
Monthly attack count for nova in the selected period
107Total attacks
25peak in May
8.2avg / month
↓ 2 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for nova
- 2551e64498ed723fa2b258c9134ee299308ef91c82e14b9e873fc06dddb8f3f4
- 9b53826ef234a237ffdac0560adc4d7606e2a82677fd469bfc8189c79ce0425b
- 78f396206b59df127181607747f6f4d4
- fd64c5bf3243ccdf61ff85427d366c7f73e65b2d
- 5bae82e4ce39ba291b189d7c5f935ed0dc4c1fe0
- eaedebdc23056fa4964a75d35bf20f9dd179a582
- 7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91
- f15d2347662d483ea9bcd8aa1a691d28
- 7dcce5b76c8b17472d024758970a406b
- 0336d6a2348ce826be1f8e4b35bf99c2756cc9efed7be94692beffa13bb0b604
- 6b99cc6823a99aeeb0c123ef89c7313cc871a588
- a875f9b3c1f31835b3f70c23a8a1daa06404b82d61887d035731eb13f649c0db
- dcb570fbe856e5e617dcc936433995e1cb604c002f162d8a8eb7678859ff955e
- 5be908140be60dd24209ee81e27250d51096c4b72b020b77410bfd37d99fa321
- e353a21c11bb96de471ec2dcc9fd7b6624eb8ed02a2b0435b9cf259e197d91b3
- 1c6aee9ed38182a545c4ea7068e552a2
- 45f82f4aef7a4bbf942ce861d1f20990
- 41d225f439822d7e077b43c54109c2d9f61d6868a4efe65033c9763b04f929f5
- 1fc1c530fdab845a0a2b05d0b5335bcb
- d32ded347c5c73ee09d345adf2c69169
- b175e1d4fe69da0be4db63996a804b204005923aabeedd9c02b615ea04986303
- ade2993e77fb44369f53e14835c2c7d6ccee2321d59b106b7207e85d16c08898
- 58c1e49c67e5b7bcf10d30e370685d10c2fa263f24b8d099a97005c7a35f1346
- 7599cbc406df381089b9d6c6b4a010cbaeae03462500164276e73a85712b5b34
- 59519f09bfcd2e641bf2e8f328cf53a2
- a144fb68e7a2f679e57fc5c861f8bf165a26e4cb09d9483af2601b007d62d38a
- a1497ccd1d45a04046e918e2b115fe66d5931cc6a7c73eca294a68358ffde180
- 1575c2e7979fb3384ede378ca28021395db25b2b
- df7a54b20e06da4ea31e01976e19c075
- 91182117389f1a5173b53400394a3dccb8837028c37825e3ebf2b4d4515e54ab
- f5a8ceb27bea2b49cc0c38da3b9007efc12db19e
- 67911cde9d9be2d61122572184cb8d8147c2459592dc5f6aef997b2cb8600d2b
- 2e3f9e4f0ac98f4369a05c3a94076e37d8cc48b1aa4d469083cdbf8387a46ab0
- 1028f6a42f2acda241b8a7e714b2359501a583e2
- 662aee66e12aba1259a2aa9235f4618fb09fe919
- ea1b8169ae51fd601dfb36549517b416cc7e2e5e
- 645c735537634ae0a32b15a7c6cba7d4
- f77379a8490b408bbe5f6940505a777b
- a53a9ca8a074c7108f8412c3f8c1fc5d
- 4d4408cfd0d144859184d1e65d7c8a65
- 1b3bb94037f04bbf81028e135a12d293
- 32addf18477324f478bf93ac22be65550bc71450c9bc4fe49aa3be22219aae65
- 7c9312ebe2afc299a0835a32700cdd2c5099c228799414c48058c0fb6095df9b
- 060eb4ce798e9e2470f4a36139c5c03c0bfacf0a611199b056280efc290f5861
- d39792100884954d6e95895d85afdd59e7dec7d94d27e0b99b97ce2cd11610d4
- 52db1f284a0dccbb750314cf765131a17a8284a2aeea04701a2b71f35fb9d9ee
- 6020ea571ee6e09a0500421823fd5292858bd763acc4089a56af414cfb0c82ae
- 77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
- 3181ba234e26da1b0509534dcb9ea0f267ec62cbd8186fdcf02010a32647cc12
- aa99338898c90e38e24c0e45ca891e25d468241d4fdba7108773ae1506c8cafb
- 97876c085318d8606e8478976d98dab77a7e905a87a4b0a27e20d794af25cd4c
- 7db58b72a3493a86e847c3685eca74c690d50b55
- 4c15a5914d399a97dce2cf6452b991e5848f1f712397e9ff8381bd5cd3b8c9c0
- e39dba3b8bd0cd6863d2c7ce9248fcc827a03a8906a08093d56fa85ec16bc5ba
- 822c45a52cad26af77ea25f121724999
- 6bbd95ee977941e497c48be27c254128
- ec387f577b844b8fa948f33cad9a75e6
- 86372ac72add0002b9f8028e3a62410312aa8fe4
- d96e8f2d53180c2003f5422cb2691aa28bfe039b
- 6e262c096efc1c149fa5eb7cfc804045
- a191b683a9307276f0fc68a2a9253da1
- 5aadd8e954dc4b1a8c954d63fd9e1137
- af55a6f75b544431b72649f36ff6d62c
- b10d8bb537ab05e51f08d0b942ee9f92f3226d118fcac794d1a7396bbc0b531f
- 554e626c733e83c9c9be24ee83a120a23b2ef3f47463504b72b89f11a8a7e0a7
- 5d41402abc4b2a76b9719d911017c592
- a5d594c8de979074f2d22b37bb01b04fd738295a9388862141252201e028813e
- f8dca20f0394e6c11a9bd8b9706e1dd9bca8f8f72d4edff36fbf311b0f40a610
- cc123e35363aeace09900bf3de76080eb46f7e04edede742dbdf2d80be129cc0
- 98268866d1d54a499c4e98921d93bc40
- 5e307ef3aa9f20d963382700173530cdc455c1523631bbe22ede3710a2a30373
- abfa83cf54db8fa548942acd845b4f34acc94c46d4e1fb5ce7e97cc0c6596676
- 87e8230a9ca3f0c5ccfa56f70276e2f2
- 007b5cd6d6acf972f7743f79e23cab9bb2ecbee3
- 7f7b18413fc3affe2b839c2d1f1638ef
- 0b1f6abed1e4d78bf0bccc60204a87b397911d008910329b23560c6d6306b8a2
- 95ca5c994e1ec93f51fc072405855af4
- 565031eaffb9b309737c04e9b6c6f865
- fc2e22bc6ee647b6b90729ab34a250b1
- 03e939a5a929151fc6fa3cf5df19db37
- b9975c8f8f4b7ebd3a0b2148ecbb5bb66dc9e369
- 247f19b1b667c458efb6d1419e763c9501d37e24fe31d0eddefa6654b3663c6a
- d272dc33c8571fb633a8f266b1bf45eb2835531fefbd76366a26eec971c2a01a
- afcc2efb164ed48d42cbfc5b53824c905b69f32f
- 261cc6266047d51e5b1ccab3829be1502ce19d30
- e82e69472b1b33ad0a35cc5459d06064
- 79e05b67bc4545d1922fe47107ee60c5
- def0626f2ff318b0d76bb6e3953652c7803ee1506170101a5547188e975a2e3c
- a0eee7cd05ca3dbddb57414df99768c05ade18f9c13fb31e686558e636badf26
- 3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
- d9ec5e95e4b646aaaea2fd05214edbda
- 56036c2490e63a3e55df4558f7ecf893
- ba7eba6eb1f8d7df08a09a77ed502a6a70f5d45daaf1cf321d397f5d8a32d9d7
- 41ada060e3cd9e93ac5aa6b5e3f9b315abf4c640
- 42fc8cd9a443afad18082a067ec40738
- 0f1465b2d4e2efcfdfc10074889c9beb361ade35
- b6a61df3254bda3056900937e3e162ddeec3239bc5e1ac3488cef9aafbda21e4
- dcd69a2eac01a659e20dbea80a14a8c3117b2cad184122a96f49173debe51312
- 480a42e823456e5c78348a3f85beec0d02581bbfd255dad5cb208c16862f3995
- 314dfc646758738fdadb7fade661afc595b48d00
- eda49e8b2e9f9287b568c8ca8d1c2492d3a9789b
- abe8e7db84be416f0a76e5cb12d5c15cfea879ba0ba376db29458a8d8bb902d3
- d5febfdd239fd1d05e0c29d3bacfb880279f2d19
- d60bee4a2e5a60e1ad0afa51ab627b5d
- 55d9836dddac73e611cf7bfac7d2066cc0961e05337d1f91837680e4c57b8816
- ea0f589e4bc2737119a1730477f8929b
- c14aaf76ec284a5fa1f105f88dfb061c
- 1276480838340dcbc699d1f32f30a5e9
- 39f53479d3a045ac8e11786248231fbf
- 6b734c88958bfe7447e6702844486156daf7a54cbd0a1cf9b7bfef98daadf519
- a4a3d9ac1df13736a29a615fc86b5f3835aba11d
- 70427d9f70306cd4e6f48ca95b786a44e237a543
- a60815382b152318ca94ff8dc839e14041eb7478
- 11ee5f269902e37ab15e8ae2c5d37412
- 2b14437dfe3b87167b5dd76c48845f12bff640ae
- 9375cff0413111d3b88a00104b2a6676
- dacc767bcb9570cfd44ddfc3b7debc89c3d540ea72dcb1fe81e7eae041ce110e
- 9e302d473fe20d9adcef23657fc18fcf701e8439af537ac12aacce3378b5d78d
- afb70782d7c4e422bb367c14903236bd7c675f1f
- 22c078671e0b67aa3011b866c6d8346d0b018e3c7601a8f64a7b4dcf0a315d52
- 3781e7a34bc6e4b761854e92ddc829392e96c627f708f067893e4776c209c0c4
- 8aa9d35d9026c19e82a9f200bf758e6f
- b3b970ba2a434ca224efafe05aad1d06
- 2fd40e6a6d994000fff72ab0ae38688b
- 7007cf53bcd0083baba202d8ac2d9070
- af7ae505a9eed503f8b8e6982036873e
- 0af6dcc739b94c66f657fb38141142b220db9fae
- a24c82c2c4db20baef8998cb3c4935b74e83fec1a6c0e6bfcc64f4af19507b9c
- 820a419c5ee4cb633d321e32dec8d8595e0168d8
- 7cce82357f0d9ddab21ad3bdd22ece474abf15a6
- 8deb90f11f3596dbbfadeaa05fd5b40567a6d60a
- 4e3bc86b42923de0accd7fb896f1ead495873c768ad628fd996752e807becf09
- 50876a9db00f4c40bde1a2ad381c3a1b
- f72420b20ad91bea665dcf138d6a74ae
- 1bfb3edb394d7c018e06ed31c7eea937
- 98ba30e41137f4472279c3d0ea38edbe8773c724
- 5fa55b6b9a680cf8dbd6b3c837c3ef15
- 3bf3cee2a23b80237efc3bc0cab31c87
- c18a6b473de4a0a00e86a8bc09a733b3f88d0172ca67c952ad7d3fac44442224
- 3c293bdf2a25c07559b560ba86debc77
- cf73911e0ca8259e75caaefcda181d8c
- 87286e3c67d401132f900fc013ed70e5cf9ebb375b0f66abad9f836286ec891b
- 1a902392cad725b9b72834e2b7404d4197a406e2
- dd71e223b1217d3046e3a7a9995cea21
- 28e6936302f2d290c2fec63ca647f8a6
- 479a0170df010c5eb742ff1b8740a2ccf381df44c8a919c95d6e38685278e78a
- 630d8b00b9650984e288302f44cc14c439058de689aae3efd81309196af4d0a8
- 6c6da44060d3a9484c2e85a5e9f7147c3d2c9e9a89535c84049f7b16a42f8ef5
- c1de8ab04ff31336e20ace8fdce64832afe5069bf456045fffd1a5c7e4507a8b
- 199430efa2f9c121f0b858f8144f9291221396b4
- f3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
- b62625ac88c49737a7c262423720cc8befbc2547775a674c673a2b2cc7ae8388
- f7d62a7a744346f55b96a31da9f5788da26e7ab4c8fecf897fb38c2ca3652882
- c0446c9f1556546847f4f8d831c09c38715a033a1d085458cda63bafe5dfb3d9
- b3917593587698bf746c5883a8c747fbfa8f6eee4d2f2a58c1fe588eff9a0754
- 26927304bdfaa2211523b12db42ffb92a4d6831c
- 11dfefebcb7fc59fff9ebd78bb55676f77825d5919ce6f65a4376760e18154c3
- 39eabd51174ae57bcaa05fc50ff7bb704464b97e315f6e03a6a447000463b261
- ec7ab99beb846eec4ecee232ac0b3246
- c72921d080ea0273f54b8cf2f7ef1241cca16d71
- 658a67adc1c940b3b3316e7e8628834a
- 03e9a956581eb46f0ad674235940d89424530df83bc03f684887960a2a3f03a2
- bd0bf25947d4a37404f0424edf4db9ad
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for nova
Other
T1486
T1486
T1490
T1490
T1078
T1078
T1021
T1021
T1562
T1562
T1080
T1080
T1059
T1059
T1547
T1547
T1021.001
T1021.001
T1003
T1003
Victims(107)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Everlite concept | — | FR France | Manufacturing | Unknown | 1 day ago | |
| IBENA Textilwerke | — | DE Germany | Manufacturing | Unknown | 1 day ago | |
| BC3 Tecnologia | — | BR Brazil | Technology | Claimed | 4 days ago | |
| LTI Services and Larick Towing | — | US United States | Transportation | Data Leaked | 4 days ago | |
| Daegu University AI Department | — | KR South Korea | Education | Claimed | 5 days ago | |
| Badan Pangan Nasional | — | ID Indonesia | Other | Claimed | 5 days ago | |
| My English House academy | — | ES Spain | Education | Claimed | 7 days ago | |
| casasafer | — | IT Italy | Retail & E-Commerce | Claimed | 7 days ago | |
| Eriell | — | RU Russia | Energy & Utilities | Claimed | 8 days ago | |
| Textile Testing Services of America | — | MX Mexico | Education | Unknown | 8 days ago | |
| sandox info | — | MX Mexico | Technology | Claimed | 8 days ago | |
| Adensa Teknoloji | — | TR Turkey | Technology | Claimed | 10 days ago | |
| SECONT Secretaria de Controle e Transparência | — | BR Brazil | Government & Defense | Claimed | 10 days ago | |
| University of Valencia | — | ES Spain | Education | Claimed | 11 days ago | |
| AMACCAO | — | VN Vietnam | Other | Claimed | 12 days ago | |
| Hoy Construction | — | US United States | Other | Claimed | 12 days ago | |
| Softseba | — | BD Bangladesh | Technology | Claimed | 13 days ago | |
| Neubox | — | MX Mexico | Technology | Data Leaked | 13 days ago | |
| Nordfjord Hotell | — | NO Norway | Hospitality | Claimed | 16 days ago | |
| Asian Lite International | — | GB United Kingdom | Retail & E-Commerce | Claimed | 16 days ago |
Page 1 of 6
Affected countries(51)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇱Albania🇦🇷Argentina🇦🇹Austria🇦🇺Australia🇧🇪BelgiumBolivia, Plurinational State of🇧🇷Brazil🇨🇦Canada🇨🇭Switzerland🇨🇱Chile🇨🇴Colombia🇩🇪Germany🇩🇴Dominican Republic🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇬🇷Greece🇭🇷Croatia🇮🇩Indonesia🇮🇳India🇮🇹Italy🇯🇵Japan🇰🇪KenyaKorea, Republic of🇱🇺Luxembourg🇲🇽Mexico🇲🇾Malaysia🇳🇱Netherlands🇳🇴Norway🇵🇪Peru🇵🇭Philippines🇵🇰Pakistan🇵🇱Poland🇵🇹Portugal🇷🇴RomaniaRussian Federation🇸🇦Saudi Arabia🇸🇪Sweden🇸🇬Singapore🇸🇻El Salvador🇹🇷TurkeyTaiwan, Province of China🇺🇦Ukraine🇺🇸United States🇺🇿UzbekistanVenezuela, Bolivarian Republic of🇻🇳Vietnam🇿🇲Zambia🇿🇼ZimbabweGlobal