Ransomware Group: NOVA

VICTIM NAME: Dansoft

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NOVA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Dansoft, a company established in 1989 that originally specialized in defense projects. Over time, the organization shifted its focus towards developing enterprise resources planning (ERP) and software systems for various industries, including IT management and cloud hosting services. The breach was publicly disclosed on July 13, 2025, indicating a confirmed attack date. The leak appears to include data related to the company’s operations and infrastructure, but specific sensitive details are not publicly disclosed in the summary.

The leak site references a claim URL, which is hosted on an onion network, suggesting an anonymous, dark web platform where the stolen data may be accessible or further discussed. No detailed contents of the leak are provided, such as download links or explicit data files, but the presence of the leak suggests potential exposure of internal or proprietary information. The case involves the group identified as “nova,” although additional details about the scope or extent of the compromise are not available. The incident’s impact appears primarily related to the organization’s operational infrastructure, with no specific mention of PII or individual data being exposed.