[NOVA] – Ransomware Victim: Castilla

AI Generated Summary of the Ransomware Leak Page

On November 2, 2025, a leak post published by the Nova group publicly identifies Castilla as a ransomware victim. Castilla is described as a consumer services company headquartered in Soria, Castile and León, Spain. The entry notes a small workforce of five to nine employees and annual revenue in the range of one to five million euros. The post presents Castilla’s basic corporate profile as part of a broader leak that catalogs multiple victims. Within Castilla’s section, there is no explicit statement about whether the data was encrypted or whether a ransom demand has been issued. The post does indicate the presence of a claim URL, suggesting the attackers offer access to exfiltrated data or negotiation terms, but the exact details are not included in this summary. The excerpt exists within a multilingual leak page that also contains material about other victims and industries.

The leak page includes a substantial visual component, with 38 image assets accompanying Castilla’s entry. The images are described here in general terms and are likely a mix of logos and document-style visuals; the actual image URLs are not reproduced in this summary. The combination of these visuals with the post date reinforces the page’s typical ransomware leak pattern, where media accompanies victim metadata to corroborate claims of data exposure. Personal identifiers such as emails, phone numbers, and addresses have been redacted, while the victim name Castilla is retained for attribution. The page’s multilingual context indicates a broad, global scope of the leak, though Castilla’s entry itself remains focused on presenting a concise corporate profile alongside the post date of the disclosure.