[NOVA] – Ransomware Victim: BRDSoft

AI Generated Summary of the Ransomware Leak Page

BRDSoft is identified as a ransomware victim on a leak page attributed to the Nova group. The post, dated October 21, 2025, claims BRDSoft’s networks were compromised around October 19, 2025 and that the attackers exfiltrated roughly 350 GB of BRDSoft data while encrypting the victim’s systems. This framing is consistent with double-extortion ransomware patterns, where data theft and encryption are combined to pressure a ransom. The page does not disclose a ransom amount for BRDSoft. The description indicates BRDSoft operates in IT and telecommunications, serving telecom operators, call centers, hosting providers, data centers, and ISPs.

The leak page also contains a gallery of 34 image assets, described in the metadata as screenshots or visual evidence related to BRDSoft’s environment. The imagery appears to be a mix of logos and internal-document thumbnails; the exact contents of these images are not detailed in the textual summary. The page includes multilingual blocks, with segments in English and German, including a line translated as “We build for your future.” The attackers imply a method to contact them for negotiation or recovery via a claim URL on the leak page, though no direct links are provided in this summary (defanging any URLs if published).

Timeline and scope notes indicate a compromise date of October 19, 2025 and a post date of October 21, 2025 for BRDSoft. The post asserts data exfiltration and encryption but does not specify a ransom figure for this victim in the available text. The combination of encryption and a substantial image gallery, coupled with a negotiation-oriented prompt, aligns with common ransomware leak-page behavior and underscores ongoing risk to BRDSoft’s IT and telecommunications footprint.