Ransomware Group: NOVA

VICTIM NAME: Ensemble Montplaisir

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NOVA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page relates to an educational institution based in France, known as Ensemble Montplaisir. The attack was publicly disclosed on July 12, 2025. The organization provides tertiary training programs, including longer courses such as BTS in alternation, as well as shorter courses aimed at adult learners. The leak indicates the attacker group “nova” is responsible, and the event was discovered on the same day it was publicly revealed. No specific details about the compromised data have been provided, but the leak involves the potential exposure of internal or sensitive information related to educational activities. The page includes a link to a claim URL on the dark web, where further details or data may be accessed by authorized parties. The incident underscores the growing threat to educational and training institutions, which are increasingly targeted by cybercriminal groups seeking to exploit sensitive institutional data.

The leak page does not include visual content or screenshots, but mentions the existence of a claim URL, suggesting that the perpetrators have made a release or are offering a sample of the compromised data on the dark web. As the attack’s details are not extensively disclosed, the potential impact remains uncertain; however, the exposure of any institutional data could risk disruption to operations, privacy violations, or further malicious activities. The incident emphasizes the importance of cybersecurity measures for educational institutions, especially as attacks continue to rise globally. No personally identifiable information (PII) or specific internal documents are shown publicly, maintaining a focus on the general nature of the attack rather than exposing sensitive details.