[NOVA] – Ransomware Victim: Papsud
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the NOVA Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On October 25, 2025, the leak post published by the Nova group identifies Papsud as a ransomware victim. Papsud is described as a French office products retailer operating in the Office Products Retail & Distribution sector, based in Marseille, France. The company is cited as having between 10 and 19 employees and annual revenue in the 1–5 million euro range. The post claims that roughly 100 GB of data was stolen, including government billing data and customer information such as invoices and identifying details. The leak frames the incident as data exfiltration with the potential for public release or sale of the stolen information. A claim URL is indicated on the page, and the post attributes the leak to the Nova group. Because no explicit compromise date is provided in the extracted material, October 25, 2025 (the post date) is used as the reference date for the incident.
The page features a substantial image gallery—36 image attachments—that appear to be internal document screenshots and logos used to illustrate the breach and the types of data allegedly affected. The images are presented as evidence of exfiltration, though their contents are not described in detail in the excerpt. Several of the image sources reference onion-based hosting; in publicly shared copies these URLs are defanged to reduce exposure (for example, the domain is shown with [.] to indicate an onion address). The excerpt also contains non-English passages, including German text, which has been translated into English for readability. Taken together, the combination of numerous image attachments and multilingual material is typical of ransomware leak sites that aggregate data from multiple victims, while Papsud remains the central named victim in this listing.
No explicit ransom amount is stated within the captured text. The record notes the presence of a claim URL on the leak page, though the actual address is not included here. The victim is located in France, the described sector is Office Products Retail & Distribution, and the leak is attributed to the Nova group. The excerpt also references other organizations across different regions, which is consistent with leak portals that curate data from multiple entities and may indicate broader data exfiltration activity beyond a single victim.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
