nova
Ransomware group profile
115Victims
RussiaSource country
100Impact score
Also Known As
RALord
Description
Nova is a ransomware-as-a-service group that commenced operations in March 2025, later rebranding from RALord. They employ a double-extortion approach, combining data encryption with exfiltration, and have been known to target organizations across various sectors, with a focus on financial gain.
Key insights
- •Nova uses a Rust-based ransomware that employs a robust cryptographic scheme including XChaCha20-Poly1305 and RSA-2048.
- •The group escalates ransom demands even after initial payments, which is atypical for ransomware operations.
- •Initial access is often achieved through compromised credentials and exploitation of exposed remote services.
- •Nova targets various sectors, including healthcare, education, and e-commerce.
- •Their communication with victims typically occurs via qTox IDs on a dedicated Tor-based data leak site.
Threat Level & Status Breakdown
For nova · Based on incidents in selected period
5threat level
Aggressiveness10/ 10
Lethality0.3/ 10
Criticality4.6/ 10
Status Breakdown
Data Leaked5.2%6
Claimed89.6%103
First seenJun 2025
Last seenJun 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 18, 2026
Recent activity
Monthly attack count for nova in the selected period
115Total attacks
25peak in May
8.8avg / month
↑ 10 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for nova
- 92bd61b94eb6c4e4d8b4f97452822f291a0c7bee75f2a3c753dc6ffea6ea32f6
- 2551e64498ed723fa2b258c9134ee299308ef91c82e14b9e873fc06dddb8f3f4
- 78f396206b59df127181607747f6f4d4
- fd64c5bf3243ccdf61ff85427d366c7f73e65b2d
- 5bae82e4ce39ba291b189d7c5f935ed0dc4c1fe0
- eaedebdc23056fa4964a75d35bf20f9dd179a582
- 7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91
- f15d2347662d483ea9bcd8aa1a691d28
- 7dcce5b76c8b17472d024758970a406b
- 0336d6a2348ce826be1f8e4b35bf99c2756cc9efed7be94692beffa13bb0b604
- d73bb7e1ccd8f55e885b7a6d0a885e4c08f7ac087c02ed67bd913761f3e1c9c7
- 4fef8b3cd13b424b88352f9dce2572d39d09a1bcd7f847a53863c1358c28281b
- 6b99cc6823a99aeeb0c123ef89c7313cc871a588
- a875f9b3c1f31835b3f70c23a8a1daa06404b82d61887d035731eb13f649c0db
- dcb570fbe856e5e617dcc936433995e1cb604c002f162d8a8eb7678859ff955e
- 5be908140be60dd24209ee81e27250d51096c4b72b020b77410bfd37d99fa321
- e353a21c11bb96de471ec2dcc9fd7b6624eb8ed02a2b0435b9cf259e197d91b3
- 1c6aee9ed38182a545c4ea7068e552a2
- 45f82f4aef7a4bbf942ce861d1f20990
- 41d225f439822d7e077b43c54109c2d9f61d6868a4efe65033c9763b04f929f5
- 1fc1c530fdab845a0a2b05d0b5335bcb
- d32ded347c5c73ee09d345adf2c69169
- dd8a0eca78e9411b914b2ca3db3aaf6a45d03a6663caa17f2e2def93011d0867
- b175e1d4fe69da0be4db63996a804b204005923aabeedd9c02b615ea04986303
- ade2993e77fb44369f53e14835c2c7d6ccee2321d59b106b7207e85d16c08898
- 58c1e49c67e5b7bcf10d30e370685d10c2fa263f24b8d099a97005c7a35f1346
- cf1a1c9aee2f973048cdc47eb982a89a85c2dbe64edd3f49d9d0e849c6b50b60
- 7599cbc406df381089b9d6c6b4a010cbaeae03462500164276e73a85712b5b34
- 59519f09bfcd2e641bf2e8f328cf53a2
- 1d9c4f86b96ed2393967188b131b7c437d29d77c696377f702e2bdc65a07cf23
- a1497ccd1d45a04046e918e2b115fe66d5931cc6a7c73eca294a68358ffde180
- 1575c2e7979fb3384ede378ca28021395db25b2b
- 898dde9055fb79d38470939940110aee98a83bbcfa2a0399c870de444540a56e
- df7a54b20e06da4ea31e01976e19c075
- 91182117389f1a5173b53400394a3dccb8837028c37825e3ebf2b4d4515e54ab
- f5a8ceb27bea2b49cc0c38da3b9007efc12db19e
- 1028f6a42f2acda241b8a7e714b2359501a583e2
- 662aee66e12aba1259a2aa9235f4618fb09fe919
- ea1b8169ae51fd601dfb36549517b416cc7e2e5e
- 645c735537634ae0a32b15a7c6cba7d4
- fc64bbc33e755451ba25d13209338bd628d68534d13cbf00992ae0f5fc97ca04
- f77379a8490b408bbe5f6940505a777b
- a53a9ca8a074c7108f8412c3f8c1fc5d
- 4d4408cfd0d144859184d1e65d7c8a65
- 1b3bb94037f04bbf81028e135a12d293
- 32addf18477324f478bf93ac22be65550bc71450c9bc4fe49aa3be22219aae65
- 7c9312ebe2afc299a0835a32700cdd2c5099c228799414c48058c0fb6095df9b
- 060eb4ce798e9e2470f4a36139c5c03c0bfacf0a611199b056280efc290f5861
- d39792100884954d6e95895d85afdd59e7dec7d94d27e0b99b97ce2cd11610d4
- 52db1f284a0dccbb750314cf765131a17a8284a2aeea04701a2b71f35fb9d9ee
- daeba5633a414f92b666607203dcf0fd8bd023d619f4a25908e38837fd9a14bc
- 6020ea571ee6e09a0500421823fd5292858bd763acc4089a56af414cfb0c82ae
- 77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
- aa99338898c90e38e24c0e45ca891e25d468241d4fdba7108773ae1506c8cafb
- 97876c085318d8606e8478976d98dab77a7e905a87a4b0a27e20d794af25cd4c
- e7d68c174f38704d3bd220ce204117f558c60b348f24176b96fd7887602c30c6
- 7db58b72a3493a86e847c3685eca74c690d50b55
- 4c15a5914d399a97dce2cf6452b991e5848f1f712397e9ff8381bd5cd3b8c9c0
- e39dba3b8bd0cd6863d2c7ce9248fcc827a03a8906a08093d56fa85ec16bc5ba
- 822c45a52cad26af77ea25f121724999
- 6bbd95ee977941e497c48be27c254128
- ec387f577b844b8fa948f33cad9a75e6
- fd280e33e84c88e97860930557dba3ff80b1a82d
- 6e262c096efc1c149fa5eb7cfc804045
- a191b683a9307276f0fc68a2a9253da1
- 5aadd8e954dc4b1a8c954d63fd9e1137
- af55a6f75b544431b72649f36ff6d62c
- b10d8bb537ab05e51f08d0b942ee9f92f3226d118fcac794d1a7396bbc0b531f
- a7efe6f7ee305427b023e0bd95e1f7de96e16ad36603ed8e01be859188015e63
- 5d41402abc4b2a76b9719d911017c592
- a5d594c8de979074f2d22b37bb01b04fd738295a9388862141252201e028813e
- f8dca20f0394e6c11a9bd8b9706e1dd9bca8f8f72d4edff36fbf311b0f40a610
- 050e8dcab5f3456b1ff65666d2afe3c3769288a2f1c83baa368010f592c7e808
- cc123e35363aeace09900bf3de76080eb46f7e04edede742dbdf2d80be129cc0
- 98268866d1d54a499c4e98921d93bc40
- 5e307ef3aa9f20d963382700173530cdc455c1523631bbe22ede3710a2a30373
- abfa83cf54db8fa548942acd845b4f34acc94c46d4e1fb5ce7e97cc0c6596676
- 87e8230a9ca3f0c5ccfa56f70276e2f2
- 007b5cd6d6acf972f7743f79e23cab9bb2ecbee3
- 7f7b18413fc3affe2b839c2d1f1638ef
- 0b1f6abed1e4d78bf0bccc60204a87b397911d008910329b23560c6d6306b8a2
- d5ffe5bab9b5b74bfe8dcc79c1438854a90ee930ae9106820d9488b7c729d49d
- 95ca5c994e1ec93f51fc072405855af4
- e5ed924d7e5d527c6398a9eb789036a921f66f658162971058a18315611aa84f
- 565031eaffb9b309737c04e9b6c6f865
- fc2e22bc6ee647b6b90729ab34a250b1
- 03e939a5a929151fc6fa3cf5df19db37
- b9975c8f8f4b7ebd3a0b2148ecbb5bb66dc9e369
- f62c8a93e2fdeb5e4a334f11dde380d632e03f5c919ae4f54a69c30de57bddb7
- 247f19b1b667c458efb6d1419e763c9501d37e24fe31d0eddefa6654b3663c6a
- 7459b0cef7ec5800c67c4179bebb5276e1a21582baa1beef54c965e1d687fcbb
- afcc2efb164ed48d42cbfc5b53824c905b69f32f
- 261cc6266047d51e5b1ccab3829be1502ce19d30
- e82e69472b1b33ad0a35cc5459d06064
- 79e05b67bc4545d1922fe47107ee60c5
- def0626f2ff318b0d76bb6e3953652c7803ee1506170101a5547188e975a2e3c
- a0eee7cd05ca3dbddb57414df99768c05ade18f9c13fb31e686558e636badf26
- 3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
- d9ec5e95e4b646aaaea2fd05214edbda
- 56036c2490e63a3e55df4558f7ecf893
- b33ffa18c79888e8dd64aa9e3c9a60f1a66757377d8e8dbabe894b71b492f196
- 41ada060e3cd9e93ac5aa6b5e3f9b315abf4c640
- b491cad0ac4780fb6c32249d5f1510037c178d89506eb0a6c8afe9b160d98189
- 42fc8cd9a443afad18082a067ec40738
- 0f1465b2d4e2efcfdfc10074889c9beb361ade35
- b6a61df3254bda3056900937e3e162ddeec3239bc5e1ac3488cef9aafbda21e4
- dcd69a2eac01a659e20dbea80a14a8c3117b2cad184122a96f49173debe51312
- 480a42e823456e5c78348a3f85beec0d02581bbfd255dad5cb208c16862f3995
- 314dfc646758738fdadb7fade661afc595b48d00
- eda49e8b2e9f9287b568c8ca8d1c2492d3a9789b
- abe8e7db84be416f0a76e5cb12d5c15cfea879ba0ba376db29458a8d8bb902d3
- d60bee4a2e5a60e1ad0afa51ab627b5d
- 55d9836dddac73e611cf7bfac7d2066cc0961e05337d1f91837680e4c57b8816
- ea0f589e4bc2737119a1730477f8929b
- c14aaf76ec284a5fa1f105f88dfb061c
- 1276480838340dcbc699d1f32f30a5e9
- 39f53479d3a045ac8e11786248231fbf
- 6b734c88958bfe7447e6702844486156daf7a54cbd0a1cf9b7bfef98daadf519
- a4a3d9ac1df13736a29a615fc86b5f3835aba11d
- 70427d9f70306cd4e6f48ca95b786a44e237a543
- a60815382b152318ca94ff8dc839e14041eb7478
- 11ee5f269902e37ab15e8ae2c5d37412
- 2b14437dfe3b87167b5dd76c48845f12bff640ae
- 9375cff0413111d3b88a00104b2a6676
- dacc767bcb9570cfd44ddfc3b7debc89c3d540ea72dcb1fe81e7eae041ce110e
- 9e302d473fe20d9adcef23657fc18fcf701e8439af537ac12aacce3378b5d78d
- afb70782d7c4e422bb367c14903236bd7c675f1f
- 22c078671e0b67aa3011b866c6d8346d0b018e3c7601a8f64a7b4dcf0a315d52
- 3781e7a34bc6e4b761854e92ddc829392e96c627f708f067893e4776c209c0c4
- 8aa9d35d9026c19e82a9f200bf758e6f
- b3b970ba2a434ca224efafe05aad1d06
- 2fd40e6a6d994000fff72ab0ae38688b
- 7007cf53bcd0083baba202d8ac2d9070
- af7ae505a9eed503f8b8e6982036873e
- 0af6dcc739b94c66f657fb38141142b220db9fae
- d0ef65e3a5665f16972f62c0ea9fe35c0f1ab093320fc23784d3129868442e0e
- a24c82c2c4db20baef8998cb3c4935b74e83fec1a6c0e6bfcc64f4af19507b9c
- 820a419c5ee4cb633d321e32dec8d8595e0168d8
- 7cce82357f0d9ddab21ad3bdd22ece474abf15a6
- 8deb90f11f3596dbbfadeaa05fd5b40567a6d60a
- 4e3bc86b42923de0accd7fb896f1ead495873c768ad628fd996752e807becf09
- 50876a9db00f4c40bde1a2ad381c3a1b
- f72420b20ad91bea665dcf138d6a74ae
- 3892cf03a67b5857526982cfb9fc32a0dbf24d2b18cc5dd443544c9577c3bf78
- 1bfb3edb394d7c018e06ed31c7eea937
- 98ba30e41137f4472279c3d0ea38edbe8773c724
- 5fa55b6b9a680cf8dbd6b3c837c3ef15
- 2e5d4bf87b7f3893c933d0fd83747f75a7c1e9d28e424a64a5af9c444d0ca7ac
- 3bf3cee2a23b80237efc3bc0cab31c87
- c18a6b473de4a0a00e86a8bc09a733b3f88d0172ca67c952ad7d3fac44442224
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for nova
Other
T1486
T1486
T1490
T1490
T1078
T1078
T1021
T1021
T1562
T1562
T1080
T1080
T1059
T1059
T1547
T1547
T1021.001
T1021.001
T1003
T1003
Victims(115)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Desert Micro | — | — | Technology | Unknown | about 5 hours ago | |
| Sunass | — | PE Peru | Government & Defense | Claimed | 3 days ago | |
| Kedah | — | MY Malaysia | Government & Defense | Claimed | 4 days ago | |
| NSW Government | — | AU Australia | Government & Defense | Data Leaked | 4 days ago | |
| Divine IT | — | BD Bangladesh | Technology | Claimed | 4 days ago | |
| Sky devices | — | US United States | Technology | Claimed | 4 days ago | |
| Bandung | — | ID Indonesia | Government & Defense | Claimed | 5 days ago | |
| Trevi | — | IT Italy | Technology | Unknown | 10 days ago | |
| Universitas Nasional | — | ID Indonesia | Education | Claimed | 14 days ago | |
| Aspire hospital | — | IN India | Healthcare | Claimed | 14 days ago | |
| Everlite concept | — | FR France | Manufacturing | Unknown | 17 days ago | |
| IBENA Textilwerke | — | DE Germany | Manufacturing | Unknown | 17 days ago | |
| BC3 Tecnologia | — | BR Brazil | Technology | Claimed | 20 days ago | |
| LTI Services and Larick Towing | — | US United States | Transportation | Data Leaked | 20 days ago | |
| Daegu University AI Department | — | KR South Korea | Education | Claimed | 21 days ago | |
| Badan Pangan Nasional | — | ID Indonesia | Other | Claimed | 21 days ago | |
| casasafer | — | IT Italy | Retail & E-Commerce | Claimed | 23 days ago | |
| My English House academy | — | ES Spain | Education | Claimed | 23 days ago | |
| Textile Testing Services of America | — | MX Mexico | Education | Unknown | 24 days ago | |
| Eriell | — | RU Russia | Energy & Utilities | Claimed | 24 days ago |
Page 1 of 6
Affected countries(57)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇱Albania🇦🇷Argentina🇦🇹Austria🇦🇺Australia🇧🇩Bangladesh🇧🇪BelgiumBolivia, Plurinational State of🇧🇷Brazil🇨🇦Canada🇨🇭Switzerland🇨🇱Chile🇨🇴Colombia🇩🇪Germany🇩🇴Dominican Republic🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇬🇭Ghana🇬🇷Greece🇭🇷Croatia🇮🇩Indonesia🇮🇳India🇮🇶Iraq🇮🇹Italy🇯🇵Japan🇰🇪KenyaKorea, Republic of🇱🇰Sri Lanka🇱🇺Luxembourg🇲🇽Mexico🇲🇾Malaysia🇳🇱Netherlands🇳🇴Norway🇵🇪Peru🇵🇭Philippines🇵🇰Pakistan🇵🇱Poland🇵🇹Portugal🇷🇴RomaniaRussian Federation🇸🇦Saudi Arabia🇸🇪Sweden🇸🇬Singapore🇸🇻El Salvador🇹🇳Tunisia🇹🇷TurkeyTaiwan, Province of China🇺🇦Ukraine🇺🇸United States🇺🇿UzbekistanVenezuela, Bolivarian Republic of🇻🇳Vietnam🇿🇦South Africa🇿🇲Zambia🇿🇼ZimbabweGlobal