Ransomware Group: NOVA

VICTIM NAME: Municipality of Pisa

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NOVA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The compromised entity is the Municipality of Pisa, an official public sector organization in Italy. The attack was publicly confirmed on May 10, 2025, and the incident involved a ransomware infection affecting their official online portal. The website, which serves as the primary digital resource for residents and businesses in Pisa, appears to have experienced modifications and disruptions since the attack. Multiple ransomware variants, including Lumma, Raccoon, RedLine, StealC, and Vidar, were identified in the infostealer statistics, indicating the attackers’ use of several malware tools to conduct data exfiltration and unauthorized access.

The threat actors behind this incident are believed to have targeted various third-party domains as part of their infiltration efforts. Although no press releases or public statements from the victim or authorities have been noted, the attack’s timeline shows a series of updates, including website modifications shortly after the breach was discovered. The leak page indicates that data related to the municipality, including potentially sensitive internal information, may have been accessed or compromised. The attackers have provided a claim URL through a dark web portal, suggesting ongoing negotiations or demands related to the ransom. The incident underscores the cybersecurity risks faced by public sector organizations and highlights the importance of robust defenses against ransomware threats.

No explicit details on the specific data leaked or the extent of the breach are available publicly. The image section remains unspecified, but reports suggest that screenshots of internal systems or documents could be part of the leak. The attackers claim responsibility through a dedicated dark web link, emphasizing the importance of cybersecurity vigilance. As the victim is a government organization, the incident has significant implications for public trust and operational continuity. Ongoing investigations and cybersecurity measures are likely underway to mitigate the impact and prevent future breaches.