Ransomware Group: NOVA

VICTIM NAME: novaevo+ / T[.]consulT

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NOVA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a case involving a digital attack on the software solution known as “Novaevo,” which is developed by T.consulT, an Italian company specializing in managing technical documentation for industrial sectors such as aerospace and defense. The attack was publicly disclosed on May 8, 2025, when the victim’s data appeared on a dark web leak site. The specific details of the compromise, including the exact nature of the data accessed, have not been fully detailed, but the leak suggests a malicious breach targeting sensitive technical information. The page indicates that hackers may have claimed to possess data related to the company’s software, although no explicit PII or sensitive credentials are visible in the summary. The leak fraudulently claims to have control over or access to the victim’s digital files. It is important to note that the activity was linked to the group “nova,” and the incident was discovered on the same day it was claimed. The disclosure is part of a wider trend where industrial and tech companies are targeted for ransomware extortion efforts. The page may include links to download compromised data or proof of breach, although specific URLs are not provided here. The context implies a focus on industrial cybersecurity risks, especially for organizations managing critical technical documentation.

The leak page does not include images, screenshots, or explicit mention of the content of the leaked files. The victim’s industry is associated with advanced technical solutions in industrial sectors, with operations based in Germany. The description emphasizes the nature of the targeted software and the potential implications for the organization’s intellectual property and operational security. The attack date is precisely recorded as May 8, 2025, indicating a recent breach at the time of disclosure. No personal or proprietary PII is publicly disclosed in the leak summary, aligning with responsible reporting standards. Overall, the incident highlights the importance of robust cybersecurity measures in protecting sensitive industrial digital assets from ransomware threats.