Ransomware Group: NOVA

VICTIM NAME: Portel Logistic Technologies

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NOVA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak involves Portel Logistic Technologies, a company operating within the technology sector in Spain. The attack was publicly disclosed on June 30, 2025, and the breach affected the company’s financial, operational, and logistics systems. As part of the leak, sensitive data related to the company’s business activities has been published on the dark web, with the threat actors claiming responsibility for the attack. The leak includes references to internal software solutions supporting key operational processes. No specific personal or sensitive data has been detailed publicly, but the presence of data leaks indicates potential exposure of confidential information. The threat group responsible for the attack is identified as “nova,” and relevant images or screenshots are not publicly available at this time. Download links or data dumps related to this incident are accessible via the provided claim URL. Overall, this incident highlights the ongoing risks facing logistics and technology companies in the cyber threat landscape.

The compromised victim is a logistics-focused technology firm based in Spain. The attack disrupted core systems essential for managing financial and logistical operations, raising concerns about the potential broader impact on supply chain processes. The leak page suggests that the attackers have accessed and possibly exfiltrated corporate data, though specific details remain undisclosed. The breach was discovered promptly on the same day as the attack announcement, indicating active detection efforts. While images or detailed evidence of the leaks are not publicly shown, the leak URL points to a threat actor claiming to have stolen data and prepared to release additional information unless ransom demands are met. This incident underscores the importance of cybersecurity vigilance within the logistics and technology sectors to prevent or mitigate similar attacks in the future.