Ransomware Group: NOVA

VICTIM NAME: Clinical Diagnosis

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NOVA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page identifies the victim as Clinical Diagnosis, a healthcare organization based in the Netherlands. The post date is August 17, 2025. The attackers claim to have exfiltrated approximately 300GB of data and frame this as a data breach and extortion event, warning that all data will be leaked within 10 days if the ransom is not paid. The page lists one downloadable item described as “sign[.]zip” with the label “Download sign,” and directs negotiation through a defanged contact path (hxxp://getsession[.]org) linked to a redacted identifier. There are no screenshots or other images on the page.

The page contains an update indicating a leaker partner willing to buy the data for 11 BTC; the attackers state they will halt dealings with that partner if the victim’s price is higher or equal to the bid. They claim to be able to provide a decryptor to restore access once payment is made and mention escrow as an option. The text includes assertions about evading police or law enforcement if paid, and a range of statements about deleting samples and data and even philanthropic claims, all presented as part of the extortion narrative. The same defanged contact channel is indicated for negotiation, and no direct URLs or contact details are provided in this summary.

With 300GB of healthcare data referenced for a Netherlands-based entity, this page underscores the ongoing risk ransomware and data extortion pose to patient information and healthcare operations. The absence of images and the presence of a single downloadable file, combined with a textual negotiation pathway, are characteristic of a text-driven leak post rather than a fully disclosed data dump. The post date serves as the public release timestamp for this incident, focusing attention on the victim name Clinical Diagnosis and the associated threat landscape facing the healthcare sector.